Solved Win32/Heur Virus

Status
Not open for further replies.

City3000

Posts: 23   +0
Hi,

My PC seems to have been infected with the Win32/Heur virus, AVG popped up a message while I was scanning using Malwarebytes telling me of two cases of the Heur32 virus, both as system32\logoff.exe in Explore.exe and Malwarebytes...\mbam.exe. There was also a virus in the system volume folder aswell.

I don't know whether it is related or not but my pc has had problems booting and has often been freezing on startup.

I have followed the 8 steps and these are the results:
-----------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5098

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2010 23:38:37
mbam-log-2010-11-12 (23-38-37).txt

Scan type: Quick scan
Objects scanned: 135705
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-12 23:25:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 Promise_ rev.1.10
Running: 0djcum5d.exe; Driver: C:\DOCUME~1\Alan\LOCALS~1\Temp\kxdcifod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

----------------------
DDS (Ver_10-11-10.01) - NTFSx86
Run by Alan at 23:39:46.54 on 12/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.379 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alan\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Flock Update] "c:\documents and settings\alan\local settings\application data\flock\update\FlockUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\web2~1\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261575492890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258455318328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} - hxxps://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\syste

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\jl009ewv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1807261&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bcfc.co.uk/page/Home/0,,10327,00.html
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\flock\update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-9-5 77056]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-10-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-10-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-10-8 243024]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-8-27 187392]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-9 308136]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-18 2560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 gupdate1c99a946454e94;Google Update Service (gupdate1c99a946454e94);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-8 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S4 iteraid;iteraid; [x]
S4 Si3112r;Si3112r; [x]

=============== Created Last 30 ================

2010-11-12 10:25:52 -------- d-sh--w- C:\found.000
2010-10-28 20:52:39 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-28 20:52:30 -------- d-----w- c:\program files\XP Codec Pack
2010-10-26 12:40:34 -------- d-----w- c:\docume~1\alan\locals~1\applic~1\Sports Interactive
2010-10-20 11:12:28 -------- d-----w- c:\program files\common files\ODBC
2010-10-20 10:38:48 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-20 10:38:48 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-20 10:38:24 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-11-12 23:15:57 1249 --sha-w- c:\windows\system32\mmf.sys
2010-10-12 13:59:08 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-12 13:59:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-12 13:58:03 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-09 10:32:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-08 12:42:08 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-08 12:42:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 04:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 21:38:06 1249 --sha-w- c:\windows\system32\mmf(2)(8).sys
2010-09-14 15:25:16 1249 --sha-w- c:\windows\system32\mmf(3)(8).sys
2010-09-14 09:16:21 1249 --sha-w- c:\windows\system32\mmf(4)(8).sys
2010-09-13 09:03:11 1249 --sha-w- c:\windows\system32\mmf(5)(7).sys
2010-09-12 22:50:26 1249 --sha-w- c:\windows\system32\mmf(6)(7).sys
2010-09-12 11:41:00 1249 --sha-w- c:\windows\system32\mmf(7)(7).sys
2010-09-11 20:24:53 1249 --sha-w- c:\windows\system32\mmf(8)(7).sys
2010-09-11 11:12:26 1249 --sha-w- c:\windows\system32\mmf(9)(6).sys
2010-09-10 23:14:54 1249 --sha-w- c:\windows\system32\mmf(10)(7).sys
2010-09-10 09:36:35 1249 --sha-w- c:\windows\system32\mmf(11)(6).sys
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 12:05:49 1249 --sha-w- c:\windows\system32\mmf(12)(6).sys
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 09:28:42 1249 --sha-w- c:\windows\system32\mmf(13)(5).sys
2010-09-07 15:06:28 1249 --sha-w- c:\windows\system32\mmf(14)(4).sys
2010-09-07 14:57:01 1249 --sha-w- c:\windows\system32\mmf(15)(4).sys
2010-09-07 14:51:51 1249 --sha-w- c:\windows\system32\mmf(16)(3).sys
2010-09-07 14:49:17 1249 --sha-w- c:\windows\system32\mmf(17)(3).sys
2010-09-07 14:43:47 1249 --sha-w- c:\windows\system32\mmf(18)(3).sys
2010-09-07 14:29:27 1249 --sha-w- c:\windows\system32\mmf(19)(3).sys
2010-09-07 14:22:26 1249 --sha-w- c:\windows\system32\mmf(20)(3).sys
2010-09-07 14:15:37 1249 --sha-w- c:\windows\system32\mmf(21)(3).sys
2010-09-07 14:10:37 1249 --sha-w- c:\windows\system32\mmf(22)(3).sys
2010-09-07 14:02:33 1249 --sha-w- c:\windows\system32\mmf(23)(3).sys
2010-09-07 13:59:51 1249 --sha-w- c:\windows\system32\mmf(24)(4).sys
2010-09-07 13:33:33 1249 --sha-w- c:\windows\system32\mmf(25)(3).sys
2010-09-07 09:29:29 1249 --sha-w- c:\windows\system32\mmf(26)(3).sys
2010-09-06 10:02:54 1249 --sha-w- c:\windows\system32\mmf(27)(3).sys
2010-09-06 09:53:06 1249 --sha-w- c:\windows\system32\mmf(28)(3).sys
2010-09-06 09:33:09 1249 --sha-w- c:\windows\system32\mmf(29)(3).sys
2010-09-05 11:53:07 1249 --sha-w- c:\windows\system32\mmf(30)(3).sys
2010-09-05 10:10:27 1249 --sha-w- c:\windows\system32\mmf(31)(2).sys
2010-09-04 07:38:26 1249 --sha-w- c:\windows\system32\mmf(32)(2).sys
2010-09-03 09:38:12 1249 --sha-w- c:\windows\system32\mmf(33)(2).sys
2010-09-02 09:16:50 1249 --sha-w- c:\windows\system32\mmf(34)(2).sys
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 10:30:58 1249 --sha-w- c:\windows\system32\mmf(35)(2).sys
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 09:30:14 1249 --sha-w- c:\windows\system32\mmf(36)(2).sys
2010-08-30 09:22:26 1249 --sha-w- c:\windows\system32\mmf(37)(2).sys
2010-08-29 11:12:32 1249 --sha-w- c:\windows\system32\mmf(38)(2).sys
2010-08-28 10:36:00 1249 --sha-w- c:\windows\system32\mmf(39)(2).sys
2010-08-27 12:09:24 1249 --sha-w- c:\windows\system32\mmf(40)(2).sys
2010-08-27 11:20:33 1249 --sha-w- c:\windows\system32\mmf(41)(2).sys
2010-08-27 10:31:45 1249 --sha-w- c:\windows\system32\mmf(2)(5).sys
2010-08-27 10:07:54 1249 --sha-w- c:\windows\system32\mmf(3)(5).sys
2010-08-27 09:42:54 1249 --sha-w- c:\windows\system32\mmf(4)(5).sys
2010-08-27 09:26:06 1249 --sha-w- c:\windows\system32\mmf(5)(4).sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 11:18:14 1249 --sha-w- c:\windows\system32\mmf(6)(4).sys
2010-08-25 10:00:59 1249 --sha-w- c:\windows\system32\mmf(7)(4).sys
2010-08-24 09:04:05 1249 --sha-w- c:\windows\system32\mmf(8)(4).sys
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 09:03:38 1249 --sha-w- c:\windows\system32\mmf(9)(4).sys
2010-08-22 09:25:21 1249 --sha-w- c:\windows\system32\mmf(10)(4).sys
2010-08-21 16:50:10 1249 --sha-w- c:\windows\system32\mmf(11)(3).sys
2010-08-20 08:52:19 1249 --sha-w- c:\windows\system32\mmf(12)(3).sys
2010-08-19 09:16:36 1249 --sha-w- c:\windows\system32\mmf(13)(3).sys
2010-08-18 09:24:10 1249 --sha-w- c:\windows\system32\mmf(14)(3).sys
2010-08-17 15:32:08 1249 --sha-w- c:\windows\system32\mmf(15)(2).sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 09:47:45 1249 --sha-w- c:\windows\system32\mmf(16)(2).sys
2010-08-16 09:18:15 1249 --sha-w- c:\windows\system32\mmf(17)(2).sys
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-15 10:10:02 1249 --sha-w- c:\windows\system32\mmf(18)(2).sys

============= FINISH: 23:40:19.03 ===============

------------------------
DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22/01/2009 19:10:23
System Uptime: 11/12/2010 23:14:37 (-696 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8V Deluxe
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2202/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 164.864 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\3&267A616A&0&48
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\3&267A616A&0&48
Service:

==== System Restore Points ===================

RP1: 12/11/2010 20:40:08 - System Checkpoint

==== Installed Programs ======================

888poker
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDistiller
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AviSynth 2.5
Baseball Mogul 2011
Bonjour
CCleaner
CDBurnerXP
Championship Manager 01-02
CMTacticus
Connect
Creative Audio Console
Creative MediaSource
Creative Software AutoUpdate
Critical Update for Windows Media Player 11 (KB959772)
EA SPORTS(TM) Cricket 07
Flock (3.0.6.4253)
Football Manager 2011 Demo
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
Google Updater
HHD Software Free Hex Editor Neo 4.81
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 970c series (Remove only)
inSSIDer
installation
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
kuler
Line-up Viewer
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (June 2008)
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MP3 Player Recovery Tool
Netscape Navigator (9.0.0.6)
NHL Eastside Hockey Manager 2007
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 3.0
Opera 10.63
Paint.NET v3.36
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PokerStars
PowerMenu 1.51
PS3 Video 9 5.04
QuickTime
Rapport
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spotify
Steam
Suite Shared Configuration CS4
System Requirements Lab
TEW2010
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Expression Web 2 (KB957827)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Snooper v2.23.01
Vista For DUMMIES
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR archiver
XP Codec Pack
YouTube Downloader App 2.03

==== Event Viewer Messages From Past Week ========

12/11/2010 23:13:14, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:14, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2010 19:52:53, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.2. The machine with the IP address 192.168.2.6 did not allow the name to be claimed by this machine.
12/11/2010 15:48:02, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/11/2010 15:48:02, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:47:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/11/2010 15:46:47, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/11/2010 15:46:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/11/2010 12:40:28, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/11/2010 01:13:48, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
09/11/2010 10:25:56, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.
08/11/2010 19:53:59, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/11/2010 11:41:01, error: fasttx2k [9] - The device, \Device\Scsi\fasttx2k1, did not respond within the timeout period.
05/11/2010 11:33:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
05/11/2010 11:33:35, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

---------------------

Many Thanks

Alan
 
Welcome aboard
yahooo.gif


Please, observe following rules:

  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7B1C000 \WINDOWS\system32\KDCOM.DLL
0xF7A2C000 \WINDOWS\system32\BOOTVID.dll
0xF74ED000 ACPI.sys
0xF7B1E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74DC000 pci.sys
0xF761C000 isapnp.sys
0xF762C000 ohci1394.sys
0xF763C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B20000 viaide.sys
0xF789C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF764C000 MountMgr.sys
0xF74BD000 ftdisk.sys
0xF78A4000 PartMgr.sys
0xF765C000 VolSnap.sys
0xF74A5000 atapi.sys
0xF747E000 fasttx2k.sys
0xF7466000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7453000 viasraid.sys
0xF766C000 disk.sys
0xF767C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7433000 fltmgr.sys
0xF7421000 sr.sys
0xF768C000 Lbd.sys
0xF740A000 KSecDD.sys
0xF737D000 Ntfs.sys
0xF7350000 NDIS.sys
0xF78AC000 viaagp1.sys
0xF769C000 RapportKELL.sys
0xF7B22000 \WINDOWS\System32\Drivers\USBD.SYS
0xF7336000 Mup.sys
0xF76AC000 gagp30kx.sys
0xF76BC000 AVGIDSEH.Sys
0xF4E44000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF4E30000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C4B000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF4E05000 \SystemRoot\system32\DRIVERS\yukonwxp.sys
0xF4D85000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF0F6B000 \SystemRoot\system32\drivers\portcls.sys
0xF250C000 \SystemRoot\system32\drivers\drmk.sys
0xF0F48000 \SystemRoot\system32\drivers\ks.sys
0xF0F14000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF79A4000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xF253C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xEDDAE000 \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
0xEDCAF000 \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
0xEDC07000 \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
0xF79B4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF24BC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79AC000 \SystemRoot\system32\drivers\Asapiw2k.sys
0xF24AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF249C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF79BC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF79C4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xEDBE3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B40000 \SystemRoot\System32\Drivers\vulfnth.sys
0xF79CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF79D4000 \SystemRoot\system32\DRIVERS\fdc.sys
0xEDBCF000 \SystemRoot\system32\DRIVERS\parport.sys
0xF248C000 \SystemRoot\system32\DRIVERS\serial.sys
0xEEA77000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF247C000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7C92000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6C1B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xEEA73000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xEDBB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6C0B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6BFB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xEDBA7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6BEB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A0C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF13CC000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF58F1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF13C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF2A21000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B42000 \SystemRoot\system32\DRIVERS\swenum.sys
0xEDB49000 \SystemRoot\system32\DRIVERS\update.sys
0xEEA6B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF58E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEBA1E000 \SystemRoot\system32\drivers\hap16v2k.sys
0xEB914000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xEB8E5000 \SystemRoot\system32\drivers\emupia2k.sys
0xEB8BC000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xEB820000 \SystemRoot\system32\drivers\ctac32k.sys
0xEB805000 \SystemRoot\System32\drivers\COMMONFX.SYS
0xEB777000 \SystemRoot\System32\drivers\CTSBLFX.SYS
0xEB6EC000 \SystemRoot\System32\drivers\CTAUDFX.SYS
0xEDE4E000 \SystemRoot\System32\Drivers\vulfntr.sys
0xEDFCC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF2A19000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF29E9000 \SystemRoot\System32\Drivers\vobcom.SYS
0xF7B56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C2C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B58000 \SystemRoot\System32\Drivers\Beep.SYS
0xF29E1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A1C000 \SystemRoot\System32\drivers\vga.sys
0xF7B5A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B5C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF29D9000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF2A09000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEB699000 \SystemRoot\System32\Drivers\vobiw.SYS
0xEDE2E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEB686000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEB62D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEB5F3000 \SystemRoot\System32\Drivers\avgtdix.sys
0xEB5CD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDF9C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDF8C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEB5A5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEB583000 \SystemRoot\System32\drivers\afd.sys
0xEDF7C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEB558000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEB52F000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0xF1394000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
0xEB4BF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEDF6C000 \SystemRoot\System32\Drivers\Fips.SYS
0xF138C000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xEB48B000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF29F1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7ADC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6C2B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7AE4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF781C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7B08000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xEB464000 \SystemRoot\System32\Drivers\dump_fasttx2k.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF72FA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79FC000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CFD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8788000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB853C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB8437000 \SystemRoot\system32\drivers\wdmaud.sys
0xB8628000 \SystemRoot\system32\drivers\sysaudio.sys
0xB81FC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B6A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB81EB000 \SystemRoot\System32\Drivers\adfs.SYS
0xB8092000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7F4A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB80F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
680 C:\WINDOWS\system32\smss.exe
768 csrss.exe
792 C:\WINDOWS\system32\winlogon.exe
836 C:\WINDOWS\system32\services.exe
848 C:\WINDOWS\system32\lsass.exe
992 C:\WINDOWS\system32\nvsvc32.exe
1076 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1252 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1292 C:\WINDOWS\system32\svchost.exe
1356 svchost.exe
1376 C:\Program Files\AVG\AVG9\avgchsvx.exe
1396 C:\Program Files\AVG\AVG9\avgrsx.exe
1484 svchost.exe
1732 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1824 C:\WINDOWS\explorer.exe
212 C:\WINDOWS\system32\spoolsv.exe
260 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1404 svchost.exe
1388 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1476 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1520 C:\Program Files\Bonjour\mDNSResponder.exe
1556 C:\WINDOWS\system32\CTSVCCDA.EXE
480 C:\WINDOWS\system32\svchost.exe
508 C:\Program Files\Java\jre6\bin\jqs.exe
572 C:\WINDOWS\Runservice.exe
724 C:\Program Files\CDBurnerXP\NMSAccessU.exe
472 C:\WINDOWS\system32\svchost.exe
1816 C:\WINDOWS\system32\MsPMSPSv.exe
1580 C:\Program Files\AVG\AVG9\avgnsx.exe
2320 wmpnetwk.exe
2596 C:\WINDOWS\system32\wuauclt.exe
2904 C:\WINDOWS\system32\wscntfy.exe
3040 alg.exe
3472 C:\WINDOWS\system32\rundll32.exe
3576 C:\WINDOWS\system32\CtHelper.exe
3612 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3776 C:\Program Files\iTunes\iTunesHelper.exe
3788 C:\WINDOWS\system32\rundll32.exe
3800 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
3812 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3840 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3856 C:\WINDOWS\system32\ctfmon.exe
3904 C:\Program Files\Windows Media Player\wmpnscfg.exe
2120 C:\Program Files\iPod\bin\iPodService.exe
2496 C:\Program Files\Mozilla Firefox\firefox.exe
3628 C:\Documents and Settings\Alan\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Promise1+0 Stripe/RAID0, Rev: 1.10

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2010/11/13 02:15:09.0281 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 02:15:09.0281 ================================================================================
2010/11/13 02:15:09.0281 SystemInfo:
2010/11/13 02:15:09.0281
2010/11/13 02:15:09.0281 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 02:15:09.0281 Product type: Workstation
2010/11/13 02:15:09.0281 ComputerName: YOUR-52F45BFAC
2010/11/13 02:15:09.0281 UserName: Alan
2010/11/13 02:15:09.0281 Windows directory: C:\WINDOWS
2010/11/13 02:15:09.0281 System windows directory: C:\WINDOWS
2010/11/13 02:15:09.0281 Processor architecture: Intel x86
2010/11/13 02:15:09.0281 Number of processors: 1
2010/11/13 02:15:09.0281 Page size: 0x1000
2010/11/13 02:15:09.0281 Boot type: Normal boot
2010/11/13 02:15:09.0281 ================================================================================
2010/11/13 02:15:09.0906 !crdlk
2010/11/13 02:15:09.0937 Initialize success
2010/11/13 02:15:16.0406 ================================================================================
2010/11/13 02:15:16.0406 Scan started
2010/11/13 02:15:16.0406 Mode: Manual;
2010/11/13 02:15:16.0406 ================================================================================
2010/11/13 02:15:17.0187 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 02:15:17.0296 ACPIEC (98b8d5400352471bb00148489b24a685) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/13 02:15:17.0406 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/11/13 02:15:17.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/13 02:15:17.0718 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/13 02:15:18.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/13 02:15:18.0234 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
2010/11/13 02:15:18.0546 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/13 02:15:18.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/13 02:15:18.0718 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/13 02:15:18.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/13 02:15:19.0000 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/13 02:15:19.0109 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/11/13 02:15:19.0171 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/11/13 02:15:19.0250 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/11/13 02:15:19.0390 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/13 02:15:19.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/13 02:15:19.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/13 02:15:19.0765 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/13 02:15:19.0828 cdrdrv (a438e08fc07fe75326250b0b707df8ed) C:\WINDOWS\system32\Drivers\Cdrdrv.sys
2010/11/13 02:15:19.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/13 02:15:20.0156 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2010/11/13 02:15:20.0203 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2010/11/13 02:15:20.0437 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/11/13 02:15:20.0531 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/11/13 02:15:20.0609 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2010/11/13 02:15:20.0703 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2010/11/13 02:15:20.0796 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/11/13 02:15:20.0890 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2010/11/13 02:15:21.0000 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2010/11/13 02:15:21.0062 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/11/13 02:15:21.0125 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2010/11/13 02:15:21.0187 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2010/11/13 02:15:21.0250 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/11/13 02:15:21.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/13 02:15:21.0625 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/13 02:15:21.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/13 02:15:21.0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/13 02:15:21.0921 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/13 02:15:22.0062 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/13 02:15:22.0187 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/11/13 02:15:22.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/13 02:15:22.0484 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2010/11/13 02:15:22.0578 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/13 02:15:22.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/13 02:15:22.0703 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/13 02:15:22.0781 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/13 02:15:22.0890 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/13 02:15:22.0953 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/13 02:15:23.0015 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/11/13 02:15:23.0125 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/13 02:15:23.0187 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/13 02:15:23.0281 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/13 02:15:23.0437 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/11/13 02:15:23.0531 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/11/13 02:15:23.0625 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/11/13 02:15:23.0718 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/13 02:15:24.0046 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2010/11/13 02:15:24.0171 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2010/11/13 02:15:24.0312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/13 02:15:24.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/13 02:15:24.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/13 02:15:24.0937 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/13 02:15:25.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/13 02:15:25.0109 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/13 02:15:25.0171 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/13 02:15:25.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/13 02:15:25.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/13 02:15:25.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/13 02:15:25.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/13 02:15:25.0750 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/13 02:15:25.0812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 02:15:25.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 02:15:26.0015 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/13 02:15:26.0203 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/13 02:15:26.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 02:15:26.0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 02:15:26.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 02:15:26.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 02:15:26.0703 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 02:15:26.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 02:15:26.0906 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 02:15:27.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 02:15:27.0156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 02:15:27.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 02:15:27.0406 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 02:15:27.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 02:15:27.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 02:15:27.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 02:15:27.0734 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 02:15:27.0796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 02:15:27.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 02:15:27.0906 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 02:15:27.0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 02:15:28.0046 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 02:15:28.0187 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/13 02:15:28.0296 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/11/13 02:15:28.0453 NPF (c5f0202a00227aecb69e722c52385ffc) C:\WINDOWS\system32\drivers\npf.sys
2010/11/13 02:15:28.0531 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 02:15:28.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 02:15:28.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 02:15:29.0109 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/13 02:15:29.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 02:15:29.0765 NwlnkFwd (12b662d585285e69479d38b68c447728) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 02:15:29.0859 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/13 02:15:29.0937 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/11/13 02:15:30.0000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 02:15:30.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 02:15:30.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 02:15:30.0203 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 02:15:30.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/13 02:15:30.0890 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 02:15:30.0953 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/13 02:15:31.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 02:15:31.0093 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 02:15:31.0578 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2010/11/13 02:15:31.0671 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2010/11/13 02:15:31.0750 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/11/13 02:15:31.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 02:15:31.0921 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 02:15:31.0984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 02:15:32.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 02:15:32.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/13 02:15:32.0218 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 02:15:32.0312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 02:15:32.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 02:15:32.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 02:15:32.0734 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/13 02:15:32.0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/13 02:15:32.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 02:15:33.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 02:15:33.0250 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 02:15:33.0421 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 02:15:33.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 02:15:33.0609 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 02:15:34.0000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 02:15:34.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 02:15:34.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 02:15:34.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 02:15:34.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 02:15:34.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 02:15:34.0734 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 02:15:34.0859 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/13 02:15:34.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 02:15:35.0015 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 02:15:35.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 02:15:35.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/13 02:15:35.0250 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/13 02:15:35.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 02:15:35.0515 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 02:15:35.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 02:15:35.0640 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2010/11/13 02:15:35.0703 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 02:15:35.0765 viasraid (45469fa05947d75874316649a22878d4) C:\WINDOWS\system32\DRIVERS\viasraid.sys
2010/11/13 02:15:35.0875 vobcom (705c36bc6e13fdb304486898d6d8512b) C:\WINDOWS\system32\drivers\vobcom.sys
2010/11/13 02:15:35.0937 vobiw (2a6097dc321d79ebfd5da31e5a2d4cb1) C:\WINDOWS\system32\drivers\vobiw.sys
2010/11/13 02:15:36.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 02:15:36.0125 vulfnths (c9a8ba443f809b70bccccd60cc73fa5c) C:\WINDOWS\System32\Drivers\vulfnth.sys
2010/11/13 02:15:36.0187 vulfntrs (2d8c55889616f7767e9fb8adee37a02a) C:\WINDOWS\System32\Drivers\vulfntr.sys
2010/11/13 02:15:36.0265 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 02:15:36.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 02:15:36.0578 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2010/11/13 02:15:36.0843 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/13 02:15:36.0968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/13 02:15:37.0140 yukonwxp (dee4899b4ac10a673b2df0cdd135167e) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
2010/11/13 02:15:37.0437 ================================================================================
2010/11/13 02:15:37.0437 Scan finished
2010/11/13 02:15:37.0437 ================================================================================
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 10-11-12.05 - Alan 13/11/2010 15:18:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.631 [GMT 0:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Fonts\CONSOLAZ.TTF
c:\windows\Fonts\GOTHIC.TTF
c:\windows\Fonts\opens___.ttf
c:\windows\Fonts\serifet.fon
c:\windows\regedit.com
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\taskmgr.com

----- BITS: Possible infected sites -----

hxxp://update.flock.com
Infected copy of c:\windows\twunk_32.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\twunk_32.exe

Infected copy of c:\windows\system32\logoff.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\logoff.exe

Infected copy of c:\windows\system32\mrinfo.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mrinfo.exe

Infected copy of c:\windows\system32\msg.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\msg.exe

Infected copy of c:\windows\system32\msswchx.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\msswchx.exe

Infected copy of c:\windows\system32\nbtstat.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\nbtstat.exe

Infected copy of c:\windows\system32\ntsd.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntsd.exe

Infected copy of c:\windows\system32\rasdial.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\rasdial.exe

Infected copy of c:\windows\system32\recover.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\recover.exe

Infected copy of c:\windows\system32\route.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\route.exe

Infected copy of c:\windows\system32\rsmui.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\rsmui.exe

Infected copy of c:\windows\system32\sfc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfc.exe

Infected copy of c:\windows\system32\tcmsetup.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tcmsetup.exe

Infected copy of c:\windows\system32\tcpsvcs.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tcpsvcs.exe

Infected copy of c:\windows\system32\tftp.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tftp.exe

Infected copy of c:\windows\system32\tracert6.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\tracert6.exe

c:\windows\system32\usrmlnka.exe . . . is infected!!

c:\windows\system32\usrprbda.exe . . . is infected!!

Infected copy of c:\windows\system32\verifier.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\verifier.exe

Infected copy of c:\windows\system32\vssadmin.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\vssadmin.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-12 10:25 . 2010-11-12 10:25 -------- d-----w- C:\found.000
2010-10-28 20:52 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-28 20:52 . 2010-10-28 20:52 -------- d-----w- c:\program files\XP Codec Pack
2010-10-26 12:40 . 2010-10-26 12:40 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Sports Interactive
2010-10-20 10:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-20 10:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-20 10:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 12:42 . 2009-01-22 19:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-08 12:42 . 2009-01-22 19:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 04:50 . 2010-10-08 19:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29 . 2009-02-26 15:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2004-08-04 . 98B8D5400352471BB00148489B24A685 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flock Update"="c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe" [2010-10-09 136312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\PES\\Pro Evolution Soccer 6.5\\PES6.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011 demo\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/02/2009 12:21 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [05/09/2003 10:25 77056]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [04/10/2001 11:53 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [27/08/2003 17:48 187392]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [18/02/2009 14:13 2560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 19:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 19:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 19:39 566360]
S2 gupdate1c99a946454e94;Google Update Service (gupdate1c99a946454e94);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 17:34 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 08:55 1352832]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [13/12/2002 18:33 64000]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 19:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/10/2010 12:42 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 19:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 19:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 19:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 19:39 566360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 15:35 50704]
S4 iteraid;iteraid; [x]
S4 Si3112r;Si3112r; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-11 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-09 16:09]

2010-11-13 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-09 16:09]

2010-11-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 11:54]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 17:34]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} - hxxps://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1807261&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bcfc.co.uk/page/Home/0,,10327,00.html
FF - component: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-TEW2010 - c:\progra~1\GDS\TEW2010\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 15:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-261903793-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,7b,8d,aa,2b,05,42,4b,0a,8d,b6,cc,97,83,6f,09,c8,11,b9,5f,4f,
3f,e0,7f,8a,2b,da,c6,77,51,0b,08,ce,2f,86,ac,58,b2,b8,80,51,ef,44,7c,b2,da,\
"rkeysecu"=hex:e0,38,ec,89,b4,9c,5c,a6,5b,f1,bf,9a,67,50,56,f2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:5a,be,a6,ca,06,6b,9b,f3,26,3f,a1,ce,ba,ef,0d,65,4c,65,7d,fd,4c,90,ab,
a8,43,82,3c,0a,6c,6e,18,cd,10,8b,9f,d5,38,e1,0c,ba,73,d8,c4,23,58,46,7b,58,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,3f,80,7f,ac,40,bb,20,05,87,89,be,8f,36,9e,41,37,\
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:11,19,97,f6,71,dc,bc,c7,69,57,a8,3e,7b,08,e5,c3,51,09,05,02,88,d1,bf,
b5,d0,8f,2d,97,10,a7,ba,b6,a0,3b,5b,45,14,5a,c6,04,d6,c5,01,7f,c3,e4,11,99,\
"13"=hex:56,46,54,01,20,42,ec,ce,68,12,f6,21,8d,fc,1d,ad,67,f2,5e,b5,00,27,dc,
c1
"14"=hex:44,0a,8b,5f,ad,d2,be,fd,bd,b9,f5,d5,d6,56,dd,33
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:7a,d7,0a,91,06,3e,ad,7d,7d,db,4b,05,cd,a2,d7,a7
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:03,c9,76,81,77,ff,85,23,d5,66,a5,bd,08,6d,3f,d5,f8,b1,73,ed,95,e5,bf,
b6,03,76,78,59,2e,39,03,9a,d2,56,09,d5,f0,a0,da,f2,fc,e0,dc,ad,7e,83,11,f0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-13 15:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-13 15:36

Pre-Run: 178,621,272,064 bytes free
Post-Run: 178,517,250,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F29288DA05D93CAA75021569D8258EF8
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    usrprbda.exe
    usrmlnka.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

========================================================================

Delete your Combofix file, download fresh one, run it and post new log.
 
SystemLook 04.09.10 by jpshortstuff
Log created at 17:11 on 13/11/2010 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "usrprbda.exe"
C:\WINDOWS\system32\usrprbda.exe --a---- 61508 bytes [22:37 17/08/2001] [12:00 04/08/2004] 8080870A18966C313EED441158210082

Searching for "usrmlnka.exe"
C:\WINDOWS\system32\usrmlnka.exe --a---- 77891 bytes [22:37 17/08/2001] [12:00 04/08/2004] 7BBD7758BBCFCA087373510F97309B17

-= EOF =-

-----------------------

ComboFix 10-11-12.06 - Alan 13/11/2010 17:15:29.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.576 [GMT 0:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://update.flock.com
c:\windows\system32\usrmlnka.exe . . . is infected!!

c:\windows\system32\usrprbda.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 15:40 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 15:40 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 15:40 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 15:40 . 2010-11-13 15:40 -------- d-----w- c:\program files\Avira
2010-11-13 15:40 . 2010-11-13 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-13 15:40 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-12 10:25 . 2010-11-12 10:25 -------- d-----w- C:\found.000
2010-10-28 20:52 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-28 20:52 . 2010-10-28 20:52 -------- d-----w- c:\program files\XP Codec Pack
2010-10-26 12:40 . 2010-10-26 12:40 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Sports Interactive
2010-10-20 10:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-20 10:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-20 10:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 12:42 . 2009-01-22 19:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-08 12:42 . 2009-01-22 19:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 04:50 . 2010-10-08 19:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29 . 2009-02-26 15:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2004-08-04 . 98B8D5400352471BB00148489B24A685 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-13_15.31.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-13 15:40 . 2010-06-17 15:27 28520 c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flock Update"="c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe" [2010-10-09 136312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\PES\\Pro Evolution Soccer 6.5\\PES6.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011 demo\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/02/2009 12:21 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [05/09/2003 10:25 77056]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [04/10/2001 11:53 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [27/08/2003 17:48 187392]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/11/2010 15:40 135336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 19:39 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 19:39 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 19:39 566360]
S2 gupdate1c99a946454e94;Google Update Service (gupdate1c99a946454e94);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 17:34 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 08:55 1352832]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [18/02/2009 14:13 2560]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 284016]
S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [13/12/2002 18:33 64000]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 19:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/10/2010 12:42 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 19:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 19:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 19:39 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 19:39 566360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23/12/2008 15:35 50704]
S4 iteraid;iteraid; [x]
S4 Si3112r;Si3112r; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-13 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-09 16:09]

2010-11-13 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-09 16:09]

2010-11-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 11:54]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 17:34]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} - hxxps://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1807261&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bcfc.co.uk/page/Home/0,,10327,00.html
FF - component: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Alan\Local Settings\Application Data\Flock\Update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-261903793-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,7b,8d,aa,2b,05,42,4b,0a,8d,b6,cc,97,83,6f,09,c8,11,b9,5f,4f,
3f,e0,7f,8a,2b,da,c6,77,51,0b,08,ce,2f,86,ac,58,b2,b8,80,51,ef,44,7c,b2,da,\
"rkeysecu"=hex:e0,38,ec,89,b4,9c,5c,a6,5b,f1,bf,9a,67,50,56,f2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:5a,be,a6,ca,06,6b,9b,f3,26,3f,a1,ce,ba,ef,0d,65,4c,65,7d,fd,4c,90,ab,
a8,43,82,3c,0a,6c,6e,18,cd,10,8b,9f,d5,38,e1,0c,ba,73,d8,c4,23,58,46,7b,58,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,3f,80,7f,ac,40,bb,20,05,87,89,be,8f,36,9e,41,37,\
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:11,19,97,f6,71,dc,bc,c7,69,57,a8,3e,7b,08,e5,c3,51,09,05,02,88,d1,bf,
b5,d0,8f,2d,97,10,a7,ba,b6,a0,3b,5b,45,14,5a,c6,04,d6,c5,01,7f,c3,e4,11,99,\
"13"=hex:56,46,54,01,20,42,ec,ce,68,12,f6,21,8d,fc,1d,ad,67,f2,5e,b5,00,27,dc,
c1
"14"=hex:44,0a,8b,5f,ad,d2,be,fd,bd,b9,f5,d5,d6,56,dd,33
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:7a,d7,0a,91,06,3e,ad,7d,7d,db,4b,05,cd,a2,d7,a7
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:03,c9,76,81,77,ff,85,23,d5,66,a5,bd,08,6d,3f,d5,f8,b1,73,ed,95,e5,bf,
b6,03,76,78,59,2e,39,03,9a,d2,56,09,d5,f0,a0,da,f2,fc,e0,dc,ad,7e,83,11,f0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-11-13 17:29:01
ComboFix-quarantined-files.txt 2010-11-13 17:28
ComboFix2.txt 2010-11-13 17:07
ComboFix3.txt 2010-11-13 15:36

Pre-Run: 178,124,906,496 bytes free
Post-Run: 178,107,420,672 bytes free

- - End Of File - - 9F7B721A0ED8CE092CE56CD888BCC5B3
 
Let's look one more time for replacement for those infected files...

Download OTL to your Desktop.
Double click on the icon to run it
Run OTL with following settings:

  • Check Scan All Users.
  • For Processes choose none.
  • For Modules choose none.
  • For Services choose none.
  • For Drivers choose none.
  • For Standard Registry choose none.
  • For Extra Registry choose none.
  • For Files Created Within choose none.
  • For Files Modified Within choose none.
  • Under Custom Scans/Fixes paste:
Code:
/md5start
usrprbda.exe
usrmlnka.exe
/md5stop
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.
 
OTL logfile created on: 13/11/2010 17:46:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 165.90 Gb Free Space | 59.36% Space Free | Partition Type: NTFS
Drive E: | 260.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-52F45BFAC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: USRMLNKA.EXE >
[2004/08/04 12:00:00 | 000,077,891 | ---- | M] () MD5=7BBD7758BBCFCA087373510F97309B17 -- C:\WINDOWS\system32\usrmlnka.exe

< MD5 for: USRPRBDA.EXE >
[2004/08/04 12:00:00 | 000,061,508 | ---- | M] (U.S. Robotics Corporation) MD5=8080870A18966C313EED441158210082 -- C:\WINDOWS\system32\usrprbda.exe

< End of report >
 
Still no luck...

Let's double check...

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\system32\usrprbda.exe
- C:\WINDOWS\system32\usrmlnka.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Hi, Is this all you need from the results?

File name:
usrprbda.exe
Submission date:
2010-11-13 18:04:12 (UTC)
Current status:
queued (#14) queued analysing finished
Result:
0/ 43 (0.0%)

and

File name:
usrmlnka.exe
Submission date:
2010-11-13 18:08:59 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)
 
I went with Avira, here are the results:

Avira AntiVir Personal
Report file date: 13 November 2010 19:33

Scanning for 3043866 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-52F45BFAC

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 09/08/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02/08/2010 16:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 13:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 02/08/2010 16:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 11/02/2010 00:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 20:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 17:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 12:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 16:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 16:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 16:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 15:41:15
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02/11/2010 15:41:19
VBASE010.VDF : 7.10.13.81 2048 Bytes 02/11/2010 15:41:19
VBASE011.VDF : 7.10.13.82 2048 Bytes 02/11/2010 15:41:19
VBASE012.VDF : 7.10.13.83 2048 Bytes 02/11/2010 15:41:19
VBASE013.VDF : 7.10.13.116 147968 Bytes 04/11/2010 15:41:19
VBASE014.VDF : 7.10.13.147 146944 Bytes 07/11/2010 15:41:19
VBASE015.VDF : 7.10.13.180 123904 Bytes 09/11/2010 15:41:19
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 15:41:20
VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 15:41:20
VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 15:41:20
VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 15:41:20
VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 15:41:20
VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 15:41:20
VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 15:41:20
VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 15:41:20
VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 15:41:20
VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 15:41:20
VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 15:41:20
VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 15:41:20
VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 15:41:20
VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 15:41:20
VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 15:41:20
VBASE031.VDF : 7.10.13.237 73728 Bytes 13/11/2010 19:32:12
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 02/08/2010 16:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 13/11/2010 15:41:26
AESCN.DLL : 8.1.6.1 127347 Bytes 02/08/2010 16:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 02/08/2010 16:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 13/11/2010 15:41:25
AEPACK.DLL : 8.2.3.11 471416 Bytes 13/11/2010 15:41:25
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 02/08/2010 16:09:52
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 13/11/2010 15:41:24
AEHELP.DLL : 8.1.14.0 246134 Bytes 13/11/2010 15:41:22
AEGEN.DLL : 8.1.3.24 401781 Bytes 13/11/2010 15:41:22
AEEMU.DLL : 8.1.2.0 393588 Bytes 02/08/2010 16:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 13/11/2010 15:41:22
AEBB.DLL : 8.1.1.0 53618 Bytes 02/08/2010 16:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02/08/2010 16:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 02/08/2010 16:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 15:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 02/08/2010 16:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02/08/2010 16:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 02/08/2010 16:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02/08/2010 16:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 15:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02/08/2010 16:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 15:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 14:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 02/08/2010 16:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 13 November 2010 19:33

Starting search for hidden objects.
C:\Documents and Settings\Alan\My Documents\Downloads\New Folder\fp9_archive\9r48
C:\Documents and Settings\Alan\My Documents\Downloads\New Folder\fp9_archive\9r48
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1960408961-261903793-839522115-1004\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1960408961-261903793-839522115-1004\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC\15
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'vssvc.exe' - '35' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '68' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'rundll32.exe' - '38' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'Acrotray.exe' - '30' Module(s) have been scanned
Scan process 'WMPNetwk.exe' - '66' Module(s) have been scanned
Scan process 'hpztsb04.exe' - '27' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '72' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '14' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '48' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '14' Module(s) have been scanned
Scan process 'runservice.exe' - '11' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'CTSvcCDA.EXE' - '9' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '25' Module(s) have been scanned
Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
Scan process 'Explorer.EXE' - '98' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'RapportMgmtService.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1729' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\KONAMI\Pro Evolution Soccer 6\kitserver\bootserv.dll
[DETECTION] Is the TR/Vapsup.znr Trojan
C:\Program Files\PES\ProEvolution Soccer6_5byPEPATCHING.COM.part01.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Spy.Wemon.YZ Trojan
--> Pro Evolution Soccer 6.5\Alternative Files\Online Files\Direct IP GoalServer PES 6.5\GoalServer6.exe
[DETECTION] Is the TR/Spy.Wemon.YZ Trojan
--> Pro Evolution Soccer 6.5\Alternative Files\Online Files\Direct IP GoalServer PES 6.5\PSL Client GS6 v1.22.exe
[DETECTION] Is the TR/Agent.46080.K Trojan
--> Pro Evolution Soccer 6.5\Alternative Files\Online Files\Direct IP GoalServer PES 6.5\PSL Host GS6 v1.22.exe
[DETECTION] Is the TR/Gendal.46592.G Trojan
C:\Program Files\PES\ProEvolution Soccer6_5byPEPATCHING.COM.part35.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Vapsup.znr Trojan
--> Pro Evolution Soccer 6.5\kitserver\bootserv.dll
[DETECTION] Is the TR/Vapsup.znr Trojan
C:\Program Files\PES\Pro Evolution Soccer 6.5\kitserver\bootserv.dll
[DETECTION] Is the TR/Vapsup.znr Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\msg.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{D24CDFF4-3433-4719-882C-19F9B9417E3B}\RP6\A0001209.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{D24CDFF4-3433-4719-882C-19F9B9417E3B}\RP6\A0001209.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f97aea6.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msg.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '57498144.qua'.
C:\Program Files\PES\Pro Evolution Soccer 6.5\kitserver\bootserv.dll
[DETECTION] Is the TR/Vapsup.znr Trojan
[NOTE] The file was moved to the quarantine directory under the name '051edba8.qua'.
C:\Program Files\PES\ProEvolution Soccer6_5byPEPATCHING.COM.part35.rar
[DETECTION] Is the TR/Vapsup.znr Trojan
[NOTE] The file was moved to the quarantine directory under the name '63299469.qua'.
C:\Program Files\PES\ProEvolution Soccer6_5byPEPATCHING.COM.part01.rar
[DETECTION] Is the TR/Gendal.46592.G Trojan
[NOTE] The file was moved to the quarantine directory under the name '26adb9a6.qua'.
C:\Program Files\KONAMI\Pro Evolution Soccer 6\kitserver\bootserv.dll
[DETECTION] Is the TR/Vapsup.znr Trojan
[NOTE] The file was moved to the quarantine directory under the name '59b68bc9.qua'.


End of the scan: 13 November 2010 21:58
Used time: 2:22:49 Hour(s)

The scan has been done completely.

34610 Scanned directories
954415 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
954407 Files not concerned
12112 Archives were scanned
0 Warnings
6 Notes
637641 Objects were scanned with rootkit scan
27 Hidden objects were found
 
Good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I only had one notepad window open, the OTL.txt. It has more than 50,000 characters, will post in parts.

OTL logfile created on: 14/11/2010 01:25:19 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 522.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 165.89 Gb Free Space | 59.36% Space Free | Partition Type: NTFS
Drive E: | 260.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-52F45BFAC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 01:23:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/02/18 14:13:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2001/11/29 19:44:05 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 01:23:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/09 15:24:26 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/07/07 22:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/03/18 18:17:48 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/08 12:42:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/12 08:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/02/07 13:55:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/18 14:13:38 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2008/12/23 15:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/12 08:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/09 22:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/18 19:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 19:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 19:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 19:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 19:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 19:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 19:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 19:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 19:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 19:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2008/12/23 15:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 17:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 12:00:00 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/11/28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/11/10 06:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/09/05 10:25:14 | 000,077,056 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2003/08/27 17:48:50 | 000,187,392 | ---- | M] (VOB Computersysteme GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/13 18:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 4C AB 1C 95 7E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "OTIB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1807261&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.bcfc.co.uk/page/Home/0,,10327,00.html"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ec4df147-b8bd-4b8c-99de-2f618d391d41}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 11:25:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/12 11:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/10/09 16:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/10/09 16:07:31 | 000,000,000 | ---D | M]

[2010/10/09 15:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions
[2010/10/09 15:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/11/13 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions
[2010/11/12 10:57:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/15 10:46:57 | 000,000,000 | ---D | M] (OTIB Toolbar) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}
[2010/02/18 15:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\extensions\smarterwiki@wikiatic.com
[2010/10/09 15:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Mozilla\SeaMonkey\Profiles\7wbexik9.default\extensions
[2009/02/13 15:06:05 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\ask.xml
[2010/06/08 16:44:48 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\conduit.xml
[2010/09/15 12:01:24 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\dictionary.xml
[2010/09/15 12:01:04 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\imdb.xml
[2010/09/15 12:01:20 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\wikipedia-eng.xml
[2009/02/13 15:06:05 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\yahoo.xml
[2010/11/13 14:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/08 19:00:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/09 11:56:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/13 17:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKCU..\Run: [Flock Update] C:\Documents and Settings\Alan\Local Settings\Application Data\Flock\Update\FlockUpdate.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1261575492890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258455318328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} https://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab (ComplianceChecker Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 19:08:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/18 18:52:24 | 000,000,051 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 17:44:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2010/11/13 17:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Avira
[2010/11/13 15:40:08 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/13 15:40:08 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/13 15:40:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/11/13 15:40:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/11/13 15:40:07 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/11/13 15:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/13 15:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/13 15:14:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/13 15:11:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 15:11:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 15:11:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 15:11:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/13 15:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/13 13:17:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/13 02:14:52 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alan\Desktop\TDSSKiller.exe
[2010/11/12 20:41:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alan\Recent
[2010/11/12 10:25:52 | 000,000,000 | ---D | C] -- C:\found.000
[2010/10/28 20:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\XP Codec Pack
[2010/10/26 12:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Sports Interactive
[2010/10/23 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Music 1
[2010/10/20 11:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/03/18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010/11/14 01:23:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2010/11/14 01:14:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004UA.job
[2010/11/14 00:47:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 22:47:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 19:30:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/13 19:30:41 | 000,001,249 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2010/11/13 19:30:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 19:29:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.rfx
[2010/11/13 19:29:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-20021102}.rfx
[2010/11/13 19:29:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-20021102}.rfx
[2010/11/13 19:29:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-20021102}.rfx
[2010/11/13 19:29:20 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.rfx
[2010/11/13 17:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/13 17:14:22 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2010/11/13 17:14:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004Core.job
[2010/11/13 17:11:12 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\SystemLook.exe
[2010/11/13 15:40:16 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/13 15:31:32 | 004,931,715 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.CDF
[2010/11/13 15:31:32 | 004,931,715 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.BAK
[2010/11/13 15:14:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/13 15:10:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/12 11:25:41 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/12 11:25:41 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/12 11:20:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 12:49:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/08 23:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alan\Desktop\TDSSKiller.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 01:48:31 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/03 15:39:26 | 000,015,918 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\HUT.ods
[2010/11/01 11:05:41 | 000,432,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/01 11:05:41 | 000,067,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/01 00:59:48 | 000,021,679 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\uht.xlsx
[2010/10/28 20:52:40 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Media Player Classic.lnk
[2010/10/26 11:40:58 | 000,006,494 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Alans ChristmasandBirthday List.odt
[2010/10/20 11:47:28 | 002,026,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 13:32:38 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/15 13:32:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
 
========== Files Created - No Company Name ==========

[2010/11/13 17:14:15 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2010/11/13 17:11:12 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\SystemLook.exe
[2010/11/13 16:34:04 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\Alan\SystemLook.txt
[2010/11/13 15:40:16 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/13 15:14:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/13 15:14:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/13 15:11:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 15:11:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 15:11:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 15:11:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 15:11:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/13 03:14:07 | 004,931,715 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.BAK
[2010/11/12 15:50:20 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Alan\avgrep.txt
[2010/11/12 11:25:41 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/12 11:25:41 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/01 12:39:09 | 000,015,918 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\HUT.ods
[2010/10/28 20:52:40 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Media Player Classic.lnk
[2010/10/28 20:52:39 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2010/10/23 14:24:29 | 000,950,272 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\LaunchU3.exe
[2010/10/23 14:24:02 | 000,084,612 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\RegisterPlanGR245917[1].pdf
[2010/10/23 14:23:54 | 000,256,778 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Pearce.rtf
[2010/09/14 15:22:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.log
[2010/03/18 19:40:56 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\CTGAME.SYS
[2010/03/18 18:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 18:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 18:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/12/03 19:39:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/12/03 18:04:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 15:51:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/08 14:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(7)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(42)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(41)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(40)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(9).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(39)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(38)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(37)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(37)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(36)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(35)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(34)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(33)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(32)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(31)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(30)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(30)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(9).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(29)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(29)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(28)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(28)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(27)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(27)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(26)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(26)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(25)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(25)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(24)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(24)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(24)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(23)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(23)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(22)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(22)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(21)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(21)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(20)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(20)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(9).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(8).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(19)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(19)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(18)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(18)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(17)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(17)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(16)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(16)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(15)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(15)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(15)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(14)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(14)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(14)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(13)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(13)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(13)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(13)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(11)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(11)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(11)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(11)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(11)(2).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(7).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(6).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(5).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(4).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(3).sys
[2009/02/18 14:13:39 | 000,001,249 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2009/02/18 14:13:38 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2009/01/22 19:36:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/01/22 19:21:08 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 19:04:12 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\cdmodem.dll
[2009/01/22 18:59:16 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009/01/22 18:50:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/22 18:50:01 | 000,085,020 | ---- | C] () -- C:\WINDOWS\System32\dgsetup.dll
[2009/01/22 18:50:01 | 000,024,661 | ---- | C] () -- C:\WINDOWS\System32\spxcoins.dll
[2009/01/22 18:50:01 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\irclass.dll
[2009/01/22 18:50:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\EqnClass.Dll
[2008/12/23 15:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/12/19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 12:00:00 | 001,355,776 | ---- | C] () -- C:\WINDOWS\System32\msvbvm50.dll
[2004/08/04 12:00:00 | 000,565,760 | ---- | C] () -- C:\WINDOWS\System32\msvcp50.dll
[2004/08/04 12:00:00 | 000,414,208 | ---- | C] () -- C:\WINDOWS\System32\setupdll.dll
[2004/08/04 12:00:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\neth.dll
[2004/08/04 12:00:00 | 000,177,856 | ---- | C] () -- C:\WINDOWS\System32\typelib.dll
[2004/08/04 12:00:00 | 000,169,520 | ---- | C] () -- C:\WINDOWS\System32\ole2disp.dll
[2004/08/04 12:00:00 | 000,153,008 | ---- | C] () -- C:\WINDOWS\System32\ole2nls.dll
[2004/08/04 12:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\wiavusd.dll
[2004/08/04 12:00:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\rasmontr.dll
[2004/08/04 12:00:00 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\sdpblb.dll
[2004/08/04 12:00:00 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\msvideo.dll
[2004/08/04 12:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\oledlg.dll
[2004/08/04 12:00:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\scardssp.dll
[2004/08/04 12:00:00 | 000,108,464 | ---- | C] () -- C:\WINDOWS\System32\netapi.dll
[2004/08/04 12:00:00 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\msaatext.dll
[2004/08/04 12:00:00 | 000,094,784 | ---- | C] () -- C:\WINDOWS\twain.dll
[2004/08/04 12:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\ufat.dll
[2004/08/04 12:00:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\mprddm.dll
[2004/08/04 12:00:00 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\msaudite.dll
[2004/08/04 12:00:00 | 000,063,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnknb.sys
[2004/08/04 12:00:00 | 000,061,168 | ---- | C] () -- C:\WINDOWS\System32\msacm.dll
[2004/08/04 12:00:00 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\msratelc.dll
[2004/08/04 12:00:00 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ntlanui.dll
[2004/08/04 12:00:00 | 000,055,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkspx.sys
[2004/08/04 12:00:00 | 000,049,179 | ---- | C] () -- C:\WINDOWS\System32\sqlwoa.dll
[2004/08/04 12:00:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\pmspl.dll
[2004/08/04 12:00:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\msports.dll
[2004/08/04 12:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\webhits.dll
[2004/08/04 12:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ntmsevt.dll
[2004/08/04 12:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\narrhook.dll
[2004/08/04 12:00:00 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\mssign32.dll
[2004/08/04 12:00:00 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\pifmgr.dll
[2004/08/04 12:00:00 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\rawwan.sys
[2004/08/04 12:00:00 | 000,032,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys
[2004/08/04 12:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\plustab.dll
[2004/08/04 12:00:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\scredir.dll
[2004/08/04 12:00:00 | 000,024,603 | ---- | C] () -- C:\WINDOWS\System32\sqlwid.dll
[2004/08/04 12:00:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\sfmapi.dll
[2004/08/04 12:00:00 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\rasmxs.dll
[2004/08/04 12:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\w32topl.dll
[2004/08/04 12:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\rpcns4.dll
[2004/08/04 12:00:00 | 000,020,535 | ---- | C] () -- C:\WINDOWS\System32\vfpodbc.dll
[2004/08/04 12:00:00 | 000,019,200 | ---- | C] () -- C:\WINDOWS\System32\tapi.dll
[2004/08/04 12:00:00 | 000,018,944 | ---- | C] () -- C:\WINDOWS\vmmreg32.dll
[2004/08/04 12:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\ureg.dll
[2004/08/04 12:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\vss_ps.dll
[2004/08/04 12:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\prflbmsg.dll
[2004/08/04 12:00:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\sysinv.dll
[2004/08/04 12:00:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\serwvdrv.dll
[2004/08/04 12:00:00 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\smclib.sys
[2004/08/04 12:00:00 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\sisbkup.dll
[2004/08/04 12:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\umdmxfrm.dll
[2004/08/04 12:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msswch.dll
[2004/08/04 12:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\perfts.dll
[2004/08/04 12:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\mmdrv.dll
[2004/08/04 12:00:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.dll
[2004/08/04 12:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\panmap.dll
[2004/08/04 12:00:00 | 000,010,112 | ---- | C] () -- C:\WINDOWS\System32\modex.dll
[2004/08/04 12:00:00 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rsvpperf.dll
[2004/08/04 12:00:00 | 000,009,008 | ---- | C] () -- C:\WINDOWS\System32\ver.dll
[2004/08/04 12:00:00 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\psnppagn.dll
[2004/08/04 12:00:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ncxpnt.dll
[2004/08/04 12:00:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\routetab.dll
[2004/08/04 12:00:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\svcpack.dll
[2004/08/04 12:00:00 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootmdm.sys
[2004/08/04 12:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\tapiperf.dll
[2004/08/04 12:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\skdll.dll
[2004/08/04 12:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\mll_qic.dll
[2004/08/04 12:00:00 | 000,004,208 | ---- | C] () -- C:\WINDOWS\System32\storage.dll
[2002/02/27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/08/17 22:36:34 | 000,077,883 | ---- | C] () -- C:\WINDOWS\System32\usrrtosa.dll
[2001/08/17 22:36:34 | 000,061,500 | ---- | C] () -- C:\WINDOWS\System32\usrcntra.dll
[2001/08/17 22:36:34 | 000,053,305 | ---- | C] () -- C:\WINDOWS\System32\usrlbva.dll
[2001/08/17 22:36:34 | 000,049,211 | ---- | C] () -- C:\WINDOWS\System32\usrvpa.dll
[2001/08/17 22:36:34 | 000,049,211 | ---- | C] () -- C:\WINDOWS\System32\usrsdpia.dll
[2001/08/17 22:36:34 | 000,049,209 | ---- | C] () -- C:\WINDOWS\System32\usrv80a.dll
[2001/08/17 22:36:34 | 000,045,116 | ---- | C] () -- C:\WINDOWS\System32\usrvoica.dll
[2001/08/17 22:36:34 | 000,041,019 | ---- | C] () -- C:\WINDOWS\System32\usrsvpia.dll
[2001/08/17 22:36:32 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\sprio800.dll
[2001/08/17 22:36:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\sprio600.dll
[2001/08/17 22:36:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\spnike.dll
[2001/08/17 14:06:22 | 000,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\tsbvcap.sys
[2001/08/17 14:02:14 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdmindvd.sys
[2001/08/17 14:01:34 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\tosdvd.sys
[2001/08/17 13:24:46 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\riodrv.sys
[2001/08/17 13:24:46 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\rio8drv.sys
[2001/08/17 13:24:44 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\nikedrv.sys

========== LOP Check ==========

[2010/10/08 16:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\AVG10
[2009/05/11 12:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Canneverbe_Limited
[2009/03/27 23:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\DonationCoder
[2009/09/11 07:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\GetRightToGo
[2010/09/15 10:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\ImgBurn
[2009/01/23 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\InterVideo
[2010/10/09 16:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Netscape
[2010/02/08 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\NVD
[2009/03/03 15:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\OpenOffice.org
[2010/10/07 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Opera
[2010/10/15 13:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Out of the Park Developments
[2010/10/06 12:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PacificPoker
[2010/02/19 12:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Red Kawa
[2010/11/01 11:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SoftGrid Client
[2010/10/26 12:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Sports Interactive
[2010/11/06 19:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Spotify
[2010/04/06 11:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SystemRequirementsLab
[2010/02/08 12:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\TP
[2010/05/04 11:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Trusteer
[2010/10/07 20:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\uTorrent
[2010/11/13 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/13 15:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/08 16:55:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/27 23:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/10/08 16:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/20 17:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2009/09/02 19:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Out of the Park Developments
[2009/10/29 20:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/05/04 11:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/02/25 12:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/04/02 12:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/16 20:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/15 10:46:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/11/10 12:49:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/13 17:14:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004Core.job
[2010/11/14 01:14:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-1960408961-261903793-839522115-1004UA.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/13 19:30:25 | 000,173,820 | ---- | M] () -- C:\aaw7boot.log
[2009/01/22 19:08:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/13 15:10:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/13 15:14:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/13 17:29:02 | 000,019,514 | ---- | M] () -- C:\ComboFix.txt
[2009/01/22 19:08:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/06/22 10:41:58 | 000,000,856 | ---- | M] () -- C:\flashplayer.xpt
[2010/10/09 16:10:19 | 000,025,249 | ---- | M] () -- C:\FlockInstaller.log
[2009/01/22 19:08:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/22 19:08:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/24 12:31:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/13 19:30:29 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/11/13 02:36:39 | 000,041,748 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_13.11.2010_02.15.09_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/01/22 19:08:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/22 18:44:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/22 18:44:12 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/22 18:44:12 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/02/12 13:33:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/12 13:36:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/01/22 19:14:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/02/21 15:40:17 | 035,124,856 | ---- | M] ( ) -- C:\Documents and Settings\Alan\Desktop\AdbeRdr90_en_US.exe
[2009/06/30 18:14:47 | 159,687,633 | ---- | M] (Lindersoft ) -- C:\Documents and Settings\Alan\Desktop\BaseballMogul2010Setup.exe
[2003/10/21 20:27:36 | 023,458,819 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\cm0102v3968.exe
[2009/04/27 13:52:12 | 023,458,816 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\cm0102_3968.exe
[2001/10/15 20:09:22 | 003,123,739 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\cmt.EXE
[2010/11/13 17:14:22 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2009/07/07 14:30:31 | 007,936,736 | ---- | M] (Mozilla) -- C:\Documents and Settings\Alan\Desktop\Firefox Setup 3.5.exe
[2009/04/16 11:54:13 | 001,075,864 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Google Updater.exe
[2009/03/01 17:34:34 | 000,547,480 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Alan\Desktop\GoogleEarthSetup.exe
[2009/02/26 15:02:33 | 015,984,024 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\jre-6u7-windows-i586-p.exe
[2009/06/10 16:12:55 | 006,992,232 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\mlbnexdefinstall.exe
[2009/03/03 15:15:34 | 149,353,184 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2010/11/14 01:23:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2009/04/16 14:41:02 | 000,112,582 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\PowerMenuSetup_1_5_1.exe
[2009/06/18 10:18:43 | 001,951,432 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Alan\Desktop\ppviewer.exe
[2008/09/09 17:14:32 | 000,659,456 | ---- | M] (Graeme Kelly) -- C:\Documents and Settings\Alan\Desktop\SaveGame_Editor.exe
[2009/03/14 15:31:44 | 004,909,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Alan\Desktop\Silverlight.2.0.exe
[2003/01/03 20:33:04 | 000,072,722 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\StartupCPL.exe
[2010/11/13 17:11:12 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\SystemLook.exe
[2009/07/25 22:33:37 | 000,610,304 | ---- | M] (Speed Guide Inc.) -- C:\Documents and Settings\Alan\Desktop\TCPOptimizer.exe
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alan\Desktop\TDSSKiller.exe
[2009/03/27 23:04:36 | 003,379,200 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\URLSnooperSetup.exe
[2009/03/01 11:47:23 | 016,320,472 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\vlc-0.9.8a-win32.exe
[2009/04/22 14:45:46 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Alan\Desktop\wmpfirefoxplugin.exe
[2009/03/19 22:20:12 | 007,751,011 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\XP-Codec-Pack-2.4.6.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/01/23 14:37:02 | 075,837,104 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Alan\My Documents\181.22_geforce_winxp_32bit_english_whql.exe
[2009/01/23 16:00:56 | 028,914,866 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\Alan\My Documents\71.89_win2kxp_international.exe
[2010/05/20 17:47:31 | 086,349,632 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\mwav.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/02/12 13:36:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Alan\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/07/22 18:39:17 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Alan\Cookies\desktop.ini
[2010/11/13 22:00:03 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Alan\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:الهريرة

< End of report >
 
Please, make sure, "word wrap" is disabled in Notepad.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    [2009/02/13 15:06:05 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\ask.xml
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2009/02/18 14:13:38 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2010/10/08 16:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\AVG10
    [2010/11/13 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/11/13 15:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    @Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3 K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
    @Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1 XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:الهريرة
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\mmf*.sys
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\jl009ewv.default\searchplugins\ask.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\mmfs.dll moved successfully.
C:\Documents and Settings\Alan\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Alan\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3 K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1 XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV .
ADS C:\Documents and Settings\All Users\DRM:الهريرة deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\mmf(10)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(10)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(10)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(10)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(10)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(10)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(11)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(11)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(11)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(11)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(11)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(13)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(13)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(13)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(13)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(14)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(14)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(14)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(15)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(15)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(15)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(16)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(16)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(17)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(17)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(18)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(18)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(19)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(19)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(9).sys moved successfully.
C:\WINDOWS\System32\mmf(20)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(20)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(21)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(21)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(22)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(22)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(23)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(23)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(24)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(24)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(24)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(25)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(25)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(26)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(26)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(27)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(27)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(28)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(28)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(29)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(29)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(9).sys moved successfully.
C:\WINDOWS\System32\mmf(30)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(30)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(31)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(32)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(33)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(34)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(35)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(36)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(37)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(37)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(38)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(39)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(9).sys moved successfully.
C:\WINDOWS\System32\mmf(40)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(41)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(42)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(7)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(6).sys moved successfully.
C:\WINDOWS\System32\mmf.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alan
->Temp folder emptied: 399 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91860321 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1194 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: Alan
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11142010_020946

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
 
I have ran the ESET scan and found no threats, however I just noticed my Avira Antivirus was not turned off. Will I need to run it again with the Avira turned off?
 
No. Did you run JavaRa?

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
No. Did you run JavaRa?

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
Status
Not open for further replies.
Back