Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows Update Error - 0x80072EFF [Solved]

Started by Kalishnakov , Jun 19 2010 12:16 AM

This topic is locked

#1
Kalishnakov

Posted 19 June 2010 - 12:16 AM

Member

Member
12 posts

My problem consists of mainly the Windows Update website. When I try to access http://update.microsoft.com, IE or FireFox says it cannot display the page. However, I've managed to access http://www.update.mi...v6/default.aspx and upon checking my computer, it gives me the error number: 0x80072EFF. I had thought the problem lied within the activeX component of my browser (since Windows Update requires an activeX installation), but I have managed to get www.pcpitstop.com/testax.asp working whereas previously I was unable to even see the site because IE 8 would close the tab, recover it multiple times and then state that I was unable to access the site.

My system runs on Windows XP PRO 32bit version with service pack 3. I'm not sure as to when this has started happening, but it must have been within the last couple months? I noticed that some of my auto updates were not being installed so I tried to go to the Windows Update website to do so. I run plenty of programs on my system and have Norton Internet Security 2010 (all features turn on including firewall, antivirus, various browser protections, etc), MBAM, Spybot (w/ SDHelper). I recently ran the TFC.exe application I found here to get rid of temp files and have begun scanning some more in safe mode as I write this.

I have seen some of the responses from your technicians and I am highly impressed. Please let me know how I should proceed to fixing this dilemma. I have found this on the web: http://social.answer...c6-fee774ca52b5 which seems very similar to my problem. I hope to not resort to formatting my computer, 'cause I have too many files that need to be backed up.

UPDATE: I have noticed this IP 213.163.89.xxx, xxx ranging from 105 to 107, keeps trying to access my computer and is triggered from IE activity. It attacks consistently for a couple minutes and gives up. I believe it redirects me to sites such as: http://corporationin....com/search.php. Also, I'm unable to click on any picture links on IE, but that's probably associated with my IE settings? For example, the only way to post a new reply or post, is to click on the icon before it finishes loading. If it's already loaded, then there appears to be no link, but I can still see the reply button.

Edited by Kalishnakov, 19 June 2010 - 04:54 PM.

#2
Kalishnakov

Posted 20 June 2010 - 02:34 AM

Member

Topic Starter
Member
12 posts

Still currently looking for help. I also notice I have several symptoms that others are experiencing.

#3
Kalishnakov

Posted 20 June 2010 - 06:41 PM

Member

Topic Starter
Member
12 posts

I'm not sure as to what the standard is in this forum, but I've included all logs that may be of some use. Let me know if I should include anything else.

Thanks.

GMER.log wouldn't upload so I'll paste it here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-20 19:46:05
Windows 5.1.2600 Service Pack 3
Running: dvtjc6y0.exe; Driver: C:\DOCUME~1\A2Z\LOCALS~1\Temp\ugtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT 881D8A80 ZwAlertResumeThread
SSDT 881D8630 ZwAlertThread
SSDT 8A592770 ZwAllocateVirtualMemory
SSDT 8A596008 ZwAssignProcessToJobObject
SSDT 8A4578C0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA50E7210]
SSDT 8A5610C0 ZwCreateMutant
SSDT 8A569008 ZwCreateSymbolicLinkObject
SSDT 8A5800B0 ZwCreateThread
SSDT 8A565050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA50E7490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA50E79F0]
SSDT 881C4660 ZwDuplicateObject
SSDT splc.sys ZwEnumerateKey [0xB9EC5DA4]
SSDT splc.sys ZwEnumerateValueKey [0xB9EC6132]
SSDT 8A4A6A28 ZwFreeVirtualMemory
SSDT 89624538 ZwImpersonateAnonymousToken
SSDT 8820E538 ZwImpersonateThread
SSDT 8A02E848 ZwLoadDriver
SSDT 8A444558 ZwMapViewOfSection
SSDT 8A5670D0 ZwOpenEvent
SSDT splc.sys ZwOpenKey [0xB9EA70C0]
SSDT 8A592C48 ZwOpenProcess
SSDT 881E0320 ZwOpenProcessToken
SSDT 8A564008 ZwOpenSection
SSDT 8A43D9B8 ZwOpenThread
SSDT 8A59C300 ZwProtectVirtualMemory
SSDT splc.sys ZwQueryKey [0xB9EC620A]
SSDT splc.sys ZwQueryValueKey [0xB9EC608A]
SSDT 8961B6F8 ZwResumeThread
SSDT 8A4444E0 ZwSetContextThread
SSDT 8A599770 ZwSetInformationProcess
SSDT 8A5650D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA50E7C40]
SSDT 8A567050 ZwSuspendProcess
SSDT 8820D898 ZwSuspendThread
SSDT 8961B250 ZwTerminateProcess
SSDT 8A586260 ZwTerminateThread
SSDT 881E0770 ZwUnmapViewOfSection
SSDT 8A592320 ZwWriteVirtualMemory

INT 0x63 ? 8A8D0BF8
INT 0x63 ? 8A8D0BF8
INT 0x63 ? 8A8D0BF8
INT 0x63 ? 8A8D0BF8
INT 0x63 ? 8A8D0BF8
INT 0x83 ? 8A8D3BF8
INT 0x83 ? 8A5BDBF8
INT 0x84 ? 8A5BDBF8
INT 0x94 ? 8A5BDBF8
INT 0xA4 ? 8A5BDBF8
INT 0xA4 ? 8A5BDBF8
INT 0xA4 ? 8A5BDBF8
INT 0xA4 ? 8A5BDBF8
INT 0xB4 ? 8A5BDBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D54 805045F0 4 Bytes CALL DA3CCFF7
? splc.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\jraid.sys entry point in ".rsrc" section [0xBA102F14]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7A0E000, 0x1C5D38, 0xE8000020]
.text USBPORT.SYS!USBPORT_RegisterUSBPortDriver + FFFFCCEC B79EAA6E 1 Byte [00]
.text USBPORT.SYS!DllUnload B79ED8AC 5 Bytes JMP 8A5BD1D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[2776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[2776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[2776] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] splc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] splc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] splc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] splc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] splc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] splc.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A85F1F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A5C81F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8611F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8611F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8611F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8611F8
Device \Driver\usbuhci \Device\USBPDO-1 8A5C81F8
Device \Driver\usbuhci \Device\USBPDO-2 8A5C81F8
Device \Driver\usbehci \Device\USBPDO-3 8A5C71F8
Device \Driver\usbuhci \Device\USBPDO-4 8A5C81F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8A5C81F8
Device \Driver\usbuhci \Device\USBPDO-6 8A5C81F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8D11F8
Device \Driver\usbehci \Device\USBPDO-7 8A5C71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8D11F8
Device \Driver\Cdrom \Device\CdRom0 8A4D11F8
Device \Driver\Cdrom \Device\CdRom1 8A4D11F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F431F8
Device \Driver\NetBT \Device\NetbiosSmb 89F431F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A5C81F8
Device \Driver\usbuhci \Device\USBFDO-1 8A5C81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FF4500
Device \Driver\usbuhci \Device\USBFDO-2 8A5C81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FF4500
Device \Driver\usbehci \Device\USBFDO-3 8A5C71F8
Device \Driver\usbuhci \Device\USBFDO-4 8A5C81F8
Device \Driver\Ftdisk \Device\FtControl 8A8D11F8
Device \Driver\usbuhci \Device\USBFDO-5 8A5C81F8
Device \Driver\usbuhci \Device\USBFDO-6 8A5C81F8
Device \Driver\usbehci \Device\USBFDO-7 8A5C71F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A8601F8
Device \FileSystem\Cdfs \Cdfs 896CD1F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A748EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0xA0 0x83 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3D 0x32 0x4D 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0xA0 0x83 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3D 0x32 0x4D 0x4F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x11 0x5C 0x04 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE7 0x2D 0xD8 0x43 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3B 0x54 0x3F 0xC2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAC 0x11 0x5C 0x04 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE7 0x2D 0xD8 0x43 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3B 0x54 0x3F 0xC2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0D 0xCE 0xF1 0x36 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\jraid.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files

mbam_log_2010_06_19__22_58_13_.txt 896bytes 381 downloads
DDS.txt 14.53KB 368 downloads
Attach.txt 2.12KB 429 downloads

#4
Kalishnakov

Posted 21 June 2010 - 03:03 AM

Member

Topic Starter
Member
12 posts

Let me know if i should include a hijackthis or OTL log.

#5
SweetTech

Posted 21 June 2010 - 11:02 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have destructive effects.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.

Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version

Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.

Please ensure that you save the TDSSKiller file to you desktop.

If TDSSKiller asks you to close all programs please allow it to do so.

If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.

Please enter Y and allow TDSSKiller to reboot your computer.

Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post the content of the TDSSKiller log.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running TDSSKiller.
3. The log that is produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#6
Kalishnakov

Posted 21 June 2010 - 02:06 PM

Member

Topic Starter
Member
12 posts

Both logs have been provided.

Comments/inquiries have been moved to latest post.

Attached Files

TDSSKiller.2.3.2.0_21.06.2010_14.22.53_log.txt 44.86KB 486 downloads
combofix.txt 28.63KB 410 downloads

Edited by Kalishnakov, 21 June 2010 - 04:06 PM.

#7
SweetTech

Posted 21 June 2010 - 02:10 PM

Sir SpamAlot

Retired Staff
7,671 posts

Please post the logs. Do not attach them.

#8
Kalishnakov

Posted 21 June 2010 - 04:00 PM

Member

Topic Starter
Member
12 posts

Logs have been posted below. I would like to note that my Internet Explorer 8 occasionally crashes, but most prominent is the inability to click on pictured links, for example, search engine image results. I have yet to really test the system, but other than that, I think it is working alright. Windows Update has begun updating automatically again.

A recap of what I posted previously:
1. I did not install recovery console, because my system was unable to get an internet connection. Although I am unfamiliar with it, should I install the console?
2. While running DDS and GMER, I had killed many startup processes like MSN, Skype, ATI Tool Tray, MBAM, deactivated Norton, etc. so DDS may not have seen all running processes in my typical bootup.
3. I do not recall having System Restore enabled, but I believe ComboFix enabled it.
4. I was previously infected with ANTIMALWARE DOCTOR, but I think I got rid of it.
5. Is there a big security difference between Firefox and IE8?
6. When I access msconfig, I get the following message: "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes."
7. Microsoft Update works now.
8. No more IP attacks so far.

Interestingly enough, I just scanned with Malwarebytes' and there appears to be a trojan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4222

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/06/2010 7:50:24 PM
mbam-log-2010-06-21 (19-50-24).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 322912
Time elapsed: 1 hour(s), 25 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e68} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e6a} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19987cee-dee8-49dc-98ec-f21380aa9e6b} (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\DivX\DivX Plus DirectShow Filters\daac.ax (Trojan.Dropper) -> Quarantined and deleted successfully.

Now onto the TDSSKiller log and the CombatFix log
TDSSKILLER.2.3.2.0_21.06.2010_14.22.53_log:

14:22:53:437 3508 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:22:53:437 3508 ================================================================================
14:22:53:437 3508 SystemInfo:

14:22:53:437 3508 OS Version: 5.1.2600 ServicePack: 3.0
14:22:53:437 3508 Product type: Workstation
14:22:53:437 3508 ComputerName: AMZ
14:22:53:437 3508 UserName: A2Z
14:22:53:437 3508 Windows directory: C:\WINDOWS
14:22:53:437 3508 Processor architecture: Intel x86
14:22:53:437 3508 Number of processors: 2
14:22:53:437 3508 Page size: 0x1000
14:22:53:453 3508 Boot type: Normal boot
14:22:53:453 3508 ================================================================================
14:22:53:781 3508 Initialize success
14:22:53:781 3508
14:22:53:781 3508 Scanning Services ...
14:22:54:078 3508 Raw services enum returned 408 services
14:22:54:093 3508
14:22:54:093 3508 Scanning Drivers ...
14:22:54:546 3508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:22:54:578 3508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:22:54:625 3508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:22:54:656 3508 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:22:54:734 3508 Amfilter (f826b306d88c2cea3e64d1be7e83bb73) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
14:22:54:750 3508 Amusbprt (c861a356af7277f6ae23cc70b0a9559c) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
14:22:54:765 3508 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:22:54:828 3508 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
14:22:54:859 3508 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
14:22:54:890 3508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:22:54:921 3508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:22:54:968 3508 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
14:22:55:078 3508 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:22:55:218 3508 ATIAVAIW (befb648d5a40b816d66283b571bbe38a) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
14:22:55:250 3508 atitray (029cbc24a51ef75f3da94467dc22b5f1) C:\Program Files\ATI Tray Tools\atitray.sys
14:22:55:281 3508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:22:55:296 3508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:22:55:312 3508 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
14:22:55:343 3508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:22:55:515 3508 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys
14:22:55:562 3508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:22:55:578 3508 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:22:55:640 3508 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
14:22:55:687 3508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:22:55:703 3508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:22:55:734 3508 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:22:55:734 3508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:22:55:812 3508 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
14:22:55:828 3508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:22:55:859 3508 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:22:55:906 3508 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
14:22:55:906 3508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:22:55:937 3508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:22:55:953 3508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:22:56:031 3508 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:22:56:046 3508 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:22:56:062 3508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:22:56:093 3508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:22:56:093 3508 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:22:56:125 3508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:22:56:140 3508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:22:56:156 3508 fsfilter (0f2295c4f6de4a101d240a6e6496ec19) C:\WINDOWS\system32\DRIVERS\fsfilter.sys
14:22:56:171 3508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:22:56:187 3508 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:22:56:218 3508 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:22:56:234 3508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:22:56:265 3508 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:22:56:296 3508 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:22:56:328 3508 hidusbf (34f0823be25aed4992fd9fcf587f50d5) C:\WINDOWS\system32\DRIVERS\hidusbf.sys
14:22:56:375 3508 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
14:22:56:437 3508 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
14:22:56:515 3508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:22:56:531 3508 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:22:56:718 3508 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSxpx86.sys
14:22:56:734 3508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:22:56:859 3508 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:22:57:000 3508 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:22:57:015 3508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:22:57:062 3508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:22:57:078 3508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:22:57:093 3508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:22:57:125 3508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:22:57:140 3508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:22:57:171 3508 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:22:57:187 3508 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
14:22:57:203 3508 JRAID (7789baa564b17e1d48c67b388868956c) C:\WINDOWS\system32\DRIVERS\jraid.sys
14:22:57:203 3508 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\jraid.sys. Real md5: 7789baa564b17e1d48c67b388868956c, Fake md5: 8f55efd8b7d99465c16d06b345d50ca9
14:22:57:203 3508 File "C:\WINDOWS\system32\DRIVERS\jraid.sys" infected by TDSS rootkit ... 14:22:57:546 3508 Backup copy found, using it..
14:22:57:609 3508 will be cured on next reboot
14:22:57:687 3508 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:22:57:703 3508 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:22:57:734 3508 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:22:57:765 3508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:22:57:796 3508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:22:57:843 3508 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
14:22:57:875 3508 LtcyCfgWDM (969fefbba01f8b28fcbf238ae717a94a) C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys
14:22:57:890 3508 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
14:22:57:921 3508 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
14:22:57:968 3508 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:22:58:015 3508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:22:58:046 3508 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:22:58:062 3508 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:22:58:078 3508 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:22:58:093 3508 Moufiltr (956bd3a1db91f7e2b9153ee7600d5648) C:\WINDOWS\system32\DRIVERS\Moufiltr.sys
14:22:58:125 3508 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:22:58:140 3508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:22:58:171 3508 MouseCap (d0ac7ac40fff21056b1a3401361958ca) C:\WINDOWS\system32\Drivers\MouseCap.sys
14:22:58:187 3508 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:22:58:203 3508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:22:58:234 3508 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:22:58:250 3508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:22:58:281 3508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:22:58:296 3508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:22:58:296 3508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:22:58:328 3508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:22:58:359 3508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:22:58:390 3508 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:22:58:390 3508 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:22:58:421 3508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:22:58:562 3508 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100619.005\NAVENG.SYS
14:22:58:593 3508 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100619.005\NAVEX15.SYS
14:22:58:687 3508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:22:58:718 3508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:22:58:734 3508 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:22:58:750 3508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:22:58:765 3508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:22:58:781 3508 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:22:58:796 3508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:22:58:812 3508 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:22:58:843 3508 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:22:58:859 3508 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
14:22:58:890 3508 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
14:22:58:906 3508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:22:58:937 3508 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
14:22:58:968 3508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:22:59:031 3508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:22:59:046 3508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:22:59:062 3508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:22:59:078 3508 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:22:59:093 3508 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:22:59:109 3508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:22:59:125 3508 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:22:59:156 3508 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:22:59:187 3508 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:22:59:203 3508 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:22:59:250 3508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:22:59:265 3508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:22:59:281 3508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:22:59:296 3508 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:22:59:343 3508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:22:59:359 3508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:22:59:359 3508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:22:59:375 3508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:22:59:390 3508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:22:59:390 3508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:22:59:406 3508 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:22:59:421 3508 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:22:59:453 3508 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:22:59:515 3508 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:22:59:546 3508 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:22:59:546 3508 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:22:59:562 3508 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
14:22:59:593 3508 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
14:22:59:609 3508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:22:59:640 3508 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:22:59:640 3508 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:22:59:656 3508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:22:59:687 3508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:22:59:703 3508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:22:59:765 3508 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
14:22:59:765 3508 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
14:22:59:781 3508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:22:59:828 3508 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
14:22:59:843 3508 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
14:22:59:890 3508 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:22:59:921 3508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:22:59:953 3508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:22:59:968 3508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:23:00:015 3508 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
14:23:00:031 3508 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
14:23:00:078 3508 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:23:00:109 3508 SymIM (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
14:23:00:109 3508 SymIMMP (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
14:23:00:125 3508 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
14:23:00:171 3508 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
14:23:00:218 3508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:23:00:265 3508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:23:00:296 3508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:23:00:312 3508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:23:00:312 3508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:23:00:343 3508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:23:00:390 3508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:23:00:437 3508 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:23:00:484 3508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:23:00:500 3508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:23:00:531 3508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:23:00:546 3508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:23:00:578 3508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:23:00:609 3508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:23:00:625 3508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:23:00:640 3508 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:23:00:671 3508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:23:00:687 3508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:23:00:718 3508 W8335XP (7e34bdb4707dcae858091be94ba346fb) C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys
14:23:00:734 3508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:23:00:765 3508 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:23:00:796 3508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:23:00:843 3508 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
14:23:00:890 3508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:23:01:078 3508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:23:01:140 3508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:23:01:140 3508 Reboot required for cure complete..
14:23:01:578 3508 Cure on reboot scheduled successfully
14:23:01:578 3508
14:23:01:578 3508 Completed
14:23:01:578 3508
14:23:01:578 3508 Results:
14:23:01:578 3508 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:23:01:578 3508 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:23:01:578 3508
14:23:01:640 3508 KLMD(ARK) unloaded successfully

ComboFix log:

ComboFix 10-06-20.06 - A2Z 21/06/2010 14:46:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1342 [GMT -4:00]
Running from: c:\documents and settings\A2Z\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-19 02:50 . 2010-06-19 02:50 45056 ----a-w- c:\windows\system32\t6Ts2p4X.dll
2010-06-19 02:49 . 2010-06-19 02:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-19 02:01 . 2010-06-19 02:01 -------- d-----w- c:\program files\ERUNT
2010-06-18 07:19 . 2010-06-18 07:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 01:44 . 2010-06-18 01:44 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-18 01:44 . 2010-06-18 01:44 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-18 01:44 . 2010-06-18 01:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-17 19:32 . 2010-06-19 06:35 -------- d-----w- c:\program files\ATI Tray Tools
2010-06-17 18:46 . 2010-02-11 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-06-17 18:45 . 2010-06-17 19:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 18:39 . 2010-06-17 18:40 -------- d-----w- c:\program files\Driver Cleaner Pro
2010-06-17 18:15 . 2010-06-17 18:16 -------- d-----w- c:\program files\Driver Sweeper
2010-06-17 16:01 . 2010-06-17 16:01 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-06-17 15:56 . 2010-06-17 15:56 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\In The Money
2010-06-17 15:07 . 2010-06-18 08:11 -------- d-----w- c:\program files\muBlinder
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\DIFX
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\USB TV
2010-06-17 14:31 . 2009-02-04 02:31 170496 ----a-w- c:\windows\system32\drivers\atinavt2.sys
2010-06-17 10:14 . 2010-06-17 10:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-16 10:01 . 2010-06-16 10:01 -------- d-----w- c:\documents and settings\A2Z\Application Data\Blitware
2010-06-09 10:44 . 2010-06-09 10:44 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\PunkBuster
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Temp
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Equilab
2010-06-07 04:51 . 2010-06-07 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-01 04:23 . 2010-06-01 04:23 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\windows\system32\QuickTime
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\TechSmith
2010-05-23 21:44 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 18:28 . 2009-10-25 03:22 -------- d-----w- c:\documents and settings\A2Z\Application Data\Skype
2010-06-21 18:25 . 2007-09-06 20:15 46208 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-06-21 01:18 . 2007-09-07 19:24 -------- d-----w- c:\program files\DivX
2010-06-20 02:25 . 2007-09-06 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-20 00:00 . 2009-12-09 00:44 -------- d-----w- c:\documents and settings\A2Z\Application Data\FrostWire
2010-06-19 23:48 . 2007-09-07 19:28 -------- d-----w- c:\program files\Java
2010-06-19 21:11 . 2007-09-06 19:50 70920 ----a-w- c:\documents and settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 06:59 . 2008-03-03 05:43 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-19 05:41 . 2009-11-30 07:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 05:11 . 2008-03-27 04:03 -------- d-----w- c:\documents and settings\A2Z\Application Data\uTorrent
2010-06-18 02:30 . 2008-03-02 09:55 -------- d-----w- c:\program files\CCleaner
2010-06-17 18:46 . 2007-09-06 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 18:24 . 2009-08-20 01:11 -------- d-----w- c:\documents and settings\A2Z\Application Data\ATI
2010-06-17 17:26 . 2010-02-06 08:11 193344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-17 11:04 . 2010-06-17 11:04 63488 ----a-w- c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-15 03:48 . 2009-11-29 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-07 04:56 . 2010-06-07 04:56 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 04:56 . 2010-06-07 04:56 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-07 04:54 . 2010-02-01 01:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 04:51 . 2010-06-07 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-07 04:51 . 2010-06-07 04:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-07 04:51 . 2010-06-07 04:56 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 01:06 . 2009-02-24 23:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-30 01:02 . 2008-03-27 04:03 -------- d-----w- c:\program files\uTorrent
2010-05-23 22:34 . 2010-05-23 22:34 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 22:34 . 2010-02-28 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-16 08:05 . 2009-10-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 19:39 . 2009-11-29 08:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-29 08:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-09-07 19:24 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-09-07 19:24 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-09-07 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-09-07 19:24 126448 -c----w- c:\windows\system32\pxinsi64.exe
2008-03-01 06:51 . 2008-03-01 06:51 5240347 -csha-w- c:\windows\PAHud-Install-v1.18.exe
2009-12-21 05:25 . 2009-05-15 07:40 170610976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-21 05:25 . 2009-05-15 07:40 4341536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-19 02:50 45056 ----a-w- c:\windows\system32\t6Ts2p4X.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AtiTrayTools"="c:\program files\ATI Tray Tools\atitray.exe" [2010-04-22 883200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-07-04 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-07-04 1953792]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"muBlinder"="c:\program files\muBlinder\muBlinder.exe" [2010-02-24 1462784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^A2Z^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\A2Z\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-07-04 07:40 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 14:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-04 07:43 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\A2Z\\Desktop\\utorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2007 7:47 PM 722416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [20/05/2010 7:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [20/05/2010 7:44 PM 173104]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [22/04/2010 12:15 AM 19232]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [20/05/2010 7:44 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/10/2009 10:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 10:24 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [20/05/2010 7:44 PM 116784]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22/05/2010 2:16 PM 691248]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2009 4:24 AM 304464]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [20/05/2010 7:44 PM 126392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13/03/2009 6:50 AM 65536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/06/2010 5:17 AM 102448]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [06/09/2007 2:59 PM 4544]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [18/06/2010 6:06 PM 331640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [17/02/2009 10:44 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2009 4:23 AM 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [06/09/2007 9:59 PM 38656]
S3 B-Service;B-Service;c:\documents and settings\A2Z\Application Data\Mikogo\B-Service.exe [15/01/2010 5:07 PM 185640]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
S3 fsfilter;Fighting Stick Filter Driver;c:\windows\system32\drivers\fsfilter.sys [28/02/2009 8:06 PM 4992]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 12:24 AM 6656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [08/08/2005 2:44 PM 6640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 10:24 PM 12872]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 10:31 AM 44928]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Auslogics Console Defragmentation.job
- c:\program files\Auslogics\BoostSpeed\cdefrag.exe [2009-07-04 18:54]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mWindow Title =
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download All Files by HiDownload
IE: Download by HiDownload
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\www.update
TCP: {E5B762EC-A66A-450B-8639-611B22592849} = 192.168.2.1
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} - hxxp://www.tanhoalap.blogdns.com/AVC_AX_DVR.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
FF - ProfilePath - c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBattlerapPlugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spns.sys >>UNKNOWN [0x8A873938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1620)
c:\windows\system32\WININET.dll
c:\program files\ATI Tray Tools\raphook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-06-21 15:01:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-21 19:01

Pre-Run: 211,660,062,720 bytes free
Post-Run: 211,472,617,472 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 953B492DD3BCE7DD96719EE2D6523ED1

Okay, so a couple new things I've noticed:
My start menu icons display as links instead of menus (menu was my standard).

Edited by Kalishnakov, 21 June 2010 - 09:22 PM.

#9
SweetTech

Posted 21 June 2010 - 09:24 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello,

The issues you are experiencing with Norton are most likely because it is currently disabled. Please make your way through this fix and post the requested logs.

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

File::
c:\windows\system32\t6Ts2p4X.dll

DDS::
uInternet Settings,ProxyServer = http=localhost:7171
IE: Download All Files by HiDownload
IE: Download by HiDownload
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following bolded text into the textbox.

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Push
A report will open. Copy and Paste that report in your next reply.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

#10
Kalishnakov

Posted 22 June 2010 - 02:14 AM

Member

Topic Starter
Member
12 posts

1. For the ESET scan, as soon as it started scanning, I unplugged the internet connection on purpose. I hope that did not mess the results up, but I am pleased to say that there have been nothing found. Is there anything else I can do to ensure that I am rid of most, if not all, malware? Your help has been very appreciated and I am amazed at how you break down the lengthy logs.
I've previously pointed out that if I view the service tab in MSCONFIG and press OK, I'll be prompted with a Access Denied Error. Also, I changed my Start Menu icons to menus instead of being links, but it did not save on reboot. I am inclined to think that either I did not reboot properly when I had just changed the menu settings(I do recall my computer being stuck during bootup once) or that me tampering with the registry (allowed permissions) to uninstall an old version of Adobe Reader that previously would not uninstall itself because of registry access issues has locked it?

2. ComboFix 10-06-21.01 - A2Z 22/06/2010 0:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT -4:00]
Running from: c:\documents and settings\A2Z\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\A2Z\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\t6Ts2p4X.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\t6Ts2p4X.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-21 23:52 . 2010-06-21 23:52 193344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-21 19:53 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 02:49 . 2010-06-19 02:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-19 02:01 . 2010-06-19 02:01 -------- d-----w- c:\program files\ERUNT
2010-06-18 07:19 . 2010-06-18 07:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 01:44 . 2010-06-18 01:44 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-18 01:44 . 2010-06-18 01:44 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-18 01:44 . 2010-06-18 01:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-17 19:32 . 2010-06-19 06:35 -------- d-----w- c:\program files\ATI Tray Tools
2010-06-17 18:46 . 2010-02-11 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-06-17 18:45 . 2010-06-17 19:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 18:39 . 2010-06-17 18:40 -------- d-----w- c:\program files\Driver Cleaner Pro
2010-06-17 18:15 . 2010-06-17 18:16 -------- d-----w- c:\program files\Driver Sweeper
2010-06-17 16:01 . 2010-06-17 16:01 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-06-17 15:56 . 2010-06-17 15:56 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\In The Money
2010-06-17 15:07 . 2010-06-22 04:39 -------- d-----w- c:\program files\muBlinder
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\DIFX
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\USB TV
2010-06-17 14:31 . 2009-02-04 02:31 170496 ----a-w- c:\windows\system32\drivers\atinavt2.sys
2010-06-17 10:14 . 2010-06-17 10:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-16 10:01 . 2010-06-16 10:01 -------- d-----w- c:\documents and settings\A2Z\Application Data\Blitware
2010-06-09 10:44 . 2010-06-09 10:44 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\PunkBuster
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Temp
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Equilab
2010-06-07 04:51 . 2010-06-07 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-01 04:23 . 2010-06-01 04:23 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\windows\system32\QuickTime
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\TechSmith
2010-05-23 21:44 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 05:01 . 2009-10-25 03:22 -------- d-----w- c:\documents and settings\A2Z\Application Data\Skype
2010-06-22 04:04 . 2009-12-09 00:44 -------- d-----w- c:\documents and settings\A2Z\Application Data\FrostWire
2010-06-21 20:13 . 2010-01-02 02:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-21 20:08 . 2009-10-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-21 18:25 . 2007-09-06 20:15 46208 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-06-21 01:18 . 2007-09-07 19:24 -------- d-----w- c:\program files\DivX
2010-06-20 02:25 . 2007-09-06 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 23:48 . 2007-09-07 19:28 -------- d-----w- c:\program files\Java
2010-06-19 21:11 . 2007-09-06 19:50 70920 ----a-w- c:\documents and settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 06:59 . 2008-03-03 05:43 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-19 05:41 . 2009-11-30 07:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 05:11 . 2008-03-27 04:03 -------- d-----w- c:\documents and settings\A2Z\Application Data\uTorrent
2010-06-18 02:30 . 2008-03-02 09:55 -------- d-----w- c:\program files\CCleaner
2010-06-17 18:46 . 2007-09-06 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 18:24 . 2009-08-20 01:11 -------- d-----w- c:\documents and settings\A2Z\Application Data\ATI
2010-06-17 11:04 . 2010-06-17 11:04 63488 ----a-w- c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-15 03:48 . 2009-11-29 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-07 04:56 . 2010-06-07 04:56 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 04:56 . 2010-06-07 04:56 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-07 04:54 . 2010-02-01 01:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 04:51 . 2010-06-07 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-07 04:51 . 2010-06-07 04:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-07 04:51 . 2010-06-07 04:56 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 01:06 . 2009-02-24 23:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-30 01:02 . 2008-03-27 04:03 -------- d-----w- c:\program files\uTorrent
2010-05-23 22:34 . 2010-05-23 22:34 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 22:34 . 2010-02-28 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-06 10:41 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 01:07 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-11-29 08:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-29 08:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-09-07 19:24 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-09-07 19:24 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-09-07 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-09-07 19:24 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-20 05:30 . 2004-08-04 01:07 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-03-01 06:51 . 2008-03-01 06:51 5240347 -csha-w- c:\windows\PAHud-Install-v1.18.exe
2009-12-21 05:25 . 2009-05-15 07:40 170610976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-21 05:25 . 2009-05-15 07:40 4341536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AtiTrayTools"="c:\program files\ATI Tray Tools\atitray.exe" [2010-04-22 883200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-07-04 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-07-04 1953792]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"muBlinder"="c:\program files\muBlinder\muBlinder.exe" [2010-02-24 1462784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^A2Z^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\A2Z\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-07-04 07:40 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 14:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-04 07:43 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\A2Z\\Desktop\\utorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2007 7:47 PM 722416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [20/05/2010 7:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [20/05/2010 7:44 PM 173104]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [22/04/2010 12:15 AM 19232]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [20/05/2010 7:44 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/10/2009 10:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 10:24 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [20/05/2010 7:44 PM 116784]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22/05/2010 2:16 PM 691248]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2009 4:24 AM 304464]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [20/05/2010 7:44 PM 126392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13/03/2009 6:50 AM 65536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/06/2010 5:17 AM 102448]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [06/09/2007 2:59 PM 4544]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [18/06/2010 6:06 PM 331640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [17/02/2009 10:44 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2009 4:23 AM 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [06/09/2007 9:59 PM 38656]
S3 B-Service;B-Service;c:\documents and settings\A2Z\Application Data\Mikogo\B-Service.exe [15/01/2010 5:07 PM 185640]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
S3 fsfilter;Fighting Stick Filter Driver;c:\windows\system32\drivers\fsfilter.sys [28/02/2009 8:06 PM 4992]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 12:24 AM 6656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [08/08/2005 2:44 PM 6640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 10:24 PM 12872]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 10:31 AM 44928]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Auslogics Console Defragmentation.job
- c:\program files\Auslogics\BoostSpeed\cdefrag.exe [2009-07-04 18:54]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mWindow Title =
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download All Files by HiDownload
IE: Download by HiDownload
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\www.update
TCP: {E5B762EC-A66A-450B-8639-611B22592849} = 192.168.2.1
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} - hxxp://www.tanhoalap.blogdns.com/AVC_AX_DVR.cab
FF - ProfilePath - c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - c:\windows\system32\t6Ts2p4X.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 01:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqi.sys >>UNKNOWN [0x8A881938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\program files\ATI Tray Tools\raphook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-06-22 01:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 05:08
ComboFix2.txt 2010-06-21 19:01

Pre-Run: 210,861,359,104 bytes free
Post-Run: 211,044,470,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - AC521127F474AB97DEAFBF66887C652D

3. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4223

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/06/2010 1:23:30 AM
mbam-log-2010-06-22 (01-23-30).txt

Scan type: Quick scan
Objects scanned: 161301
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4. ESET Scan did not find anything, thus, no log produced.

5. OTL logfile created on: 22/06/2010 3:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\A2Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 220.87 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMZ
Current User Name: A2Z
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/22 00:20:00 | 000,883,200 | ---- | M] (Ray Adams) -- C:\Program Files\ATI Tray Tools\atitray.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/04/11 02:30:25 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 06:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe

========== Modules (SafeList) ==========

MOD - [2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/12/14 06:12:00 | 000,187,904 | ---- | M] () -- C:\Program Files\ATI Tray Tools\raphook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/09 05:25:18 | 000,010,264 | ---- | M] (O&K Software) -- C:\WINDOWS\system32\prio.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/15 17:07:42 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\A2Z\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/04 03:51:48 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2009/07/04 03:39:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2009/04/11 02:30:25 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2007/11/29 02:27:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2010/06/15 05:42:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/28 22:56:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 22:56:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/10 19:31:17 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100621.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 19:31:16 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100621.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 00:15:04 | 000,019,232 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/05 22:08:56 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/05 22:08:56 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/21 21:08:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/30 05:42:37 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 18:06:13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/04 03:51:36 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/11 02:30:25 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/03 22:31:16 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/05/06 02:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/03/15 10:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2007/03/10 14:29:56 | 000,004,992 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fsfilter.sys -- (fsfilter)
DRV - [2006/11/08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/02/07 15:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/26 00:24:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LtcyCfgWDM.sys -- (LtcyCfgWDM)
DRV - [2005/09/21 04:26:36 | 000,006,656 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2005/09/21 04:25:40 | 000,012,800 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2005/08/08 14:44:04 | 000,006,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MouseCap.sys -- (MouseCap)
DRV - [2005/08/06 15:13:12 | 000,009,661 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Moufiltr.sys -- (Moufiltr)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/12/24 00:43:38 | 000,253,440 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-tyc8&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.30
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 23:55:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/17 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/19 22:25:10 | 000,000,000 | ---D | M]

[2009/05/02 22:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Extensions
[2009/05/02 22:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Extensions\[email protected]
[2010/06/19 02:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions
[2010/06/18 03:02:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/14 08:07:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/04 00:06:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/29 02:11:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/20 23:59:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/30 01:12:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/09 05:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\[email protected]
[2009/10/31 23:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\[email protected]
[2010/06/19 19:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/18 03:19:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/27 16:59:42 | 000,018,432 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npBattlerapPlugin2.dll
[2010/06/18 03:19:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/12/20 23:59:22 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/06/22 00:59:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [muBlinder] C:\Program Files\muBlinder\muBlinder.exe (KRX)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} http://www.tanhoalap.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec....abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1259483285171 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.donkr.com...geUploader4.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\prio.dll) - C:\WINDOWS\system32\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/06 14:33:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/28 22:33:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/22 03:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/22 03:28:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/22 00:52:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/21 15:53:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/21 14:36:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/21 14:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/21 14:36:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/21 14:36:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/21 14:33:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/21 14:22:32 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\A2Z\Desktop\tdsskiller.exe
[2010/06/21 12:47:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
[2010/06/21 12:43:39 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\A2Z\Desktop\windows-kb890830-v3.8.exe
[2010/06/19 00:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/19 00:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/18 22:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/18 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/18 22:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/18 21:18:56 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\TFC.exe
[2010/06/18 03:19:20 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/18 03:19:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/18 03:19:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/18 03:19:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/18 03:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\Downloads
[2010/06/17 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Tray Tools
[2010/06/17 14:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/06/17 14:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2010/06/17 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2010/06/17 11:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\In The Money
[2010/06/17 11:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\muBlinder
[2010/06/17 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/17 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV
[2010/06/17 10:31:01 | 000,170,496 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinavt2.sys
[2010/06/17 10:31:01 | 000,106,496 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atinppt2.ax
[2010/06/17 06:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/06/16 06:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Application Data\Blitware
[2010/06/09 06:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\PunkBuster
[2010/06/09 06:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\EA SPORTS™ FIFA Online
[2010/06/09 05:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/09 04:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\Temp
[2010/06/09 04:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\Equilab
[2010/06/07 00:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/01 00:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\TechSmith
[2010/06/01 00:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\Camtasia Studio
[2010/06/01 00:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/06/01 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/06/01 00:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/06/01 00:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/23 17:44:24 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys

========== Files - Modified Within 30 Days ==========

[2010/06/22 04:00:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
[2010/06/22 03:20:08 | 021,757,952 | ---- | M] () -- C:\Documents and Settings\A2Z\NTUSER.DAT
[2010/06/22 03:01:10 | 000,000,379 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/22 03:01:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/22 03:01:10 | 000,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/22 00:59:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 00:58:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 00:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/22 00:57:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\A2Z\ntuser.ini
[2010/06/22 00:47:15 | 003,717,720 | R--- | M] () -- C:\Documents and Settings\A2Z\Desktop\ComboFix.exe
[2010/06/21 20:04:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/21 17:51:16 | 000,000,608 | ---- | M] () -- C:\WINDOWS\prio.ini
[2010/06/21 16:24:48 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Holdem Manager.lnk
[2010/06/21 16:13:34 | 001,562,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 16:09:06 | 000,675,908 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/21 16:08:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 16:02:12 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/21 16:02:12 | 000,436,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/21 16:02:12 | 000,069,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 15:49:10 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\jraid.sys
[2010/06/21 13:38:30 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\A2Z\Desktop\tdsskiller.exe
[2010/06/21 12:41:48 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\SecurityCheck.exe
[2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
[2010/06/21 12:40:20 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\A2Z\Desktop\windows-kb890830-v3.8.exe
[2010/06/20 21:18:43 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\A2Z\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 20:21:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
[2010/06/20 01:06:34 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\dds.scr
[2010/06/19 22:25:14 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/19 21:12:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\dvtjc6y0.exe
[2010/06/19 17:11:02 | 000,070,920 | ---- | M] () -- C:\Documents and Settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 00:44:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\gmer.zip
[2010/06/18 22:01:36 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\NTREGOPT.lnk
[2010/06/18 22:01:36 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\ERUNT.lnk
[2010/06/18 21:19:02 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\TFC.exe
[2010/06/18 03:19:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/18 03:19:06 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/18 03:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/18 03:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/18 03:19:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/17 21:44:44 | 000,138,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/17 21:44:35 | 000,214,592 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/17 14:39:56 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\Driver Cleaner Pro.lnk
[2010/06/17 14:06:27 | 000,001,557 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/06/17 12:01:52 | 000,062,633 | ---- | M] () -- C:\WINDOWS\prio197uninstall.exe
[2010/06/17 12:01:52 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\prio.ini
[2010/06/13 01:34:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 08:24:25 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\winscp.rnd
[2010/06/09 05:29:18 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\EA SPORTS™ FIFA Online.lnk
[2010/06/09 05:29:18 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA SPORTS™ FIFA Online Portal.url
[2010/06/09 05:28:52 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\PnkBstrK.sys
[2010/06/09 03:59:52 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\Poker Evolution Equilab.lnk
[2010/06/07 00:55:50 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/07 00:55:30 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/01 00:22:31 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/05/29 21:06:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 17:43:54 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

========== Files Created - No Company Name ==========

[2010/06/22 00:52:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/22 00:52:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/21 19:52:58 | 000,193,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/21 14:36:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/21 14:36:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/21 14:36:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/21 14:36:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/21 14:36:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/21 14:33:10 | 003,717,720 | R--- | C] () -- C:\Documents and Settings\A2Z\Desktop\ComboFix.exe
[2010/06/21 12:47:35 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\SecurityCheck.exe
[2010/06/20 19:51:41 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\dds.scr
[2010/06/19 22:25:12 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/19 21:12:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\dvtjc6y0.exe
[2010/06/19 00:44:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\gmer.zip
[2010/06/18 22:01:36 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\NTREGOPT.lnk
[2010/06/18 22:01:36 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\ERUNT.lnk
[2010/06/17 21:44:45 | 000,138,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/17 21:44:36 | 000,214,592 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/17 21:44:30 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/17 14:46:33 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/06/17 14:39:56 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\Driver Cleaner Pro.lnk
[2010/06/17 12:53:59 | 000,000,608 | ---- | C] () -- C:\WINDOWS\prio.ini
[2010/06/17 12:01:52 | 000,062,633 | ---- | C] () -- C:\WINDOWS\prio197uninstall.exe
[2010/06/17 12:01:52 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2010/06/17 10:31:01 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc01.cod
[2010/06/17 05:06:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
[2010/06/09 09:03:53 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\EA SPORTS™ FIFA Online.lnk
[2010/06/09 06:44:56 | 000,214,592 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/09 05:29:18 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA SPORTS™ FIFA Online Portal.url
[2010/06/09 05:28:52 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\A2Z\Application Data\PnkBstrK.sys
[2010/06/07 00:55:50 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/07 00:55:30 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/01 00:22:31 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/03/25 18:19:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Equilab.INI
[2010/03/01 23:48:31 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/30 20:32:52 | 000,015,121 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/11/29 11:09:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/21 00:40:08 | 000,000,117 | ---- | C] () -- C:\WINDOWS\n02.ini
[2009/03/08 03:30:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/02/17 22:44:42 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2008/11/09 03:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/02 00:09:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/11/11 23:29:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/11 20:10:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/11 19:47:57 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/07 00:11:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/10/07 00:11:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/10/06 23:41:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2007/10/06 23:41:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2007/10/06 23:41:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2007/10/06 23:41:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2007/10/06 23:41:04 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2007/09/21 00:29:34 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\zlib1.dll
[2007/09/21 00:29:34 | 000,001,144 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ServUDaemon.ini
[2007/09/20 18:12:17 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/09/17 03:09:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/09/10 21:15:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/06 16:53:49 | 000,001,557 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/09/06 16:30:43 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/06 16:30:42 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/06 15:18:16 | 000,015,159 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/09/06 15:17:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/06 15:17:41 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/26 19:06:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/09 05:25:06 | 000,230,424 | ---- | C] () -- C:\WINDOWS\ptm_nt.dll
[2005/12/26 00:24:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys
[2005/08/08 14:44:04 | 000,006,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseCap.sys
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2009/12/21 01:28:10 | 000,061,304 | ---- | M] () -- C:\aaw7boot.log
[2008/03/17 23:55:27 | 000,020,650 | ---- | M] () -- C:\ASLog.txt
[2007/09/06 14:33:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/21 20:04:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/22 03:01:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/03 19:57:50 | 000,001,415 | ---- | M] () -- C:\cmdline.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/22 01:08:45 | 000,028,698 | ---- | M] () -- C:\ComboFix.txt
[2007/09/06 14:33:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/30 00:51:20 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2007/09/06 14:33:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/08 17:48:03 | 000,002,467 | ---- | M] () -- C:\moduleName.txt
[2007/09/06 14:33:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 21:07:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 03:33:36 | 000,250,048 | ---- | M] () -- C:\ntldr
[2009/08/14 07:50:38 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/14 07:50:38 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/03/02 21:21:57 | 000,017,621 | ---- | M] () -- C:\OngameGrab.txt
[2010/06/22 00:58:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/09/07 00:03:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/09/07 00:03:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/21 14:23:01 | 000,045,938 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_21.06.2010_14.22.53_log.txt
[2010/06/21 14:31:16 | 000,044,994 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_21.06.2010_14.31.09_log.txt
[2008/11/08 17:07:25 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2009/01/06 22:40:31 | 000,000,044 | ---- | M] () -- C:\winamp.ini
[2008/10/24 23:00:19 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %systemroot%\*. /mp /s >

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/11/28 22:39:00 | 003,932,160 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/29 03:04:05 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/11/28 22:39:00 | 046,399,488 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/28 22:39:00 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/06/17 21:44:44 | 000,138,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/02/12 11:09:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBTPP5C.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

========== Files - Unicode (All) ==========
[2009/08/14 08:07:32 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/14 08:07:32 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >

Also included was another log from OTL entitled Extras.txt:
OTL Extras logfile created on: 22/06/2010 3:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\A2Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 220.87 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMZ
Current User Name: A2Z
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\A2Z\Desktop\utorrent.exe" = C:\Documents and Settings\A2Z\Desktop\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04C12BEC-9AEB-4CBE-BACA-3174E1BA658B}" = Stox Combo
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E2DAB2F-5A2F-8F65-1006-30E94506B15D}" = Skins
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo Free MP4 Converter version 1.8.3.5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"{2D84D8F3-0499-4CC5-98A2-F9D5F31308DB}" = FIFA 2002
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{393C1150-6EBF-D1DA-BDC2-3E1D1D772B44}" = Catalyst Control Center Graphics Full Existing
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5549BB30-79E7-448C-A672-0217FF493357}" = Federal Income Tax Collection - Canadian Tax Principles(with Views 4.7.1)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69580770-C77E-67FE-014F-BE02DF5D8A4F}" = ccc-core-preinstall
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS™ FIFA Online
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.2.11
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A958E835-BDF0-473F-9DC1-0D952C941625}" = Spb Mobile DVD
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA9A7A5D-5976-3682-826C-CDE03A0DE33D}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D721F201-E316-0825-7D23-48C16939914F}" = ccc-utility
"{D8FD4D0D-E171-4FFC-91CE-BA38EEAC5E06}" = Sprite Backup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB0A4FCC-87C7-4A59-95BE-B5C2F0D8CDD4}" = System Requirements Lab for Intel
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E07FEDF6-3E9E-2F4C-3734-15B839CC3CD3}" = Catalyst Control Center Graphics Light
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"CeRegEditor_is1" = CeRegEditor PreRelease 0.0.3.1
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.18.4
"HollywoodPoker" = HollywoodPoker.com (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"IsoBuster_is1" = IsoBuster 2.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.5 (Standard)
"Lexmark 5200 Series" = Lexmark 5200 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max DVD To AVI Converter_is1" = Max DVD To AVI Converter 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"mIRC" =
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Mp3 To All Converter_is1" = Mp3 To All Converter V1.37.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"NIS" = Norton Internet Security
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"Poker Tracker Version 2.17.03d_is1" = Poker Tracker Version 2.17.03d
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Prio" = Prio v1.9.7
"PRJPRO" = Microsoft Office Project Professional 2007
"rayatitray" = Ray Adams ATI Tray Tools
"RealAlt_is1" = Real Alternative 1.8.0
"RedKings Poker_is1" = RedKings Poker
"SopCast" = SopCast 3.0.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StarCraft II Beta" = StarCraft II Beta
"TVUPlayer" = TVUPlayer 2.4.9.1
"Veetle TV" = Veetle TV 0.9.16
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"winscp3_is1" = WinSCP 4.2.4 beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Poker Evolution Equilab" = Poker Evolution Equilab
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2010 3:28:56 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:56 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:57 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:57 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:58 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:58 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:28:59 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:29:00 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:29:01 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 21/06/2010 3:29:01 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

[ System Events ]
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The PostgreSQL Database Server 8.3 service terminated unexpectedly.
It has done this 1 time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly.
It has done this 1 time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The B's Recorder GOLD Library General Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 22/06/2010 12:58:50 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 22/06/2010 12:58:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 22/06/2010 1:01:28 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

6. I have not had the opportunity to test it, but will update on any further fishy activity.

Update: My Start Menu is fine, but my MSCONFIG is still giving me the ACCESS DENIED error when I click the service tab and press okay. I believe it to be a registry problem 'cause I altered it to allow the uninstallation of the old Adobe Reader 8.1.1 to uninstall. The uninstallation was halted by a similar notification that I did not have sufficient access rights to alter a key located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. I recall, the permission user names only contained an adminstrator and my default account. Now, there seems to be a CREATOR OWNER, Power Users, SYSTEM. Also, one of my programs has trouble accessing the file info.ini located in C:\Documents and Settings\A2Z\Local Settings\Application Data\Equilab. The file itself is not a virus, but it strikes me as odd when Equilab displays this error: 'Encountered a sharing violation when accessing info.ini.' Sounds familiar, heh.

How do I uninstall ActiveX controls? I have installed BitDefender's ActiveX control (BDSCANONLINE Control), but I installed it poorly. It asked me to replace a file, but I didn't and while running the scan, it freezes on startup. I can only see IE8's option to disable, but not to remove it so I'm inclined to think that it was not installed correctly. Seeing as it was me who installed it, I should be able to remove it. It's located in C:\Windows\BDOSCAN8. Can I just delete the entire folder and restart? I've used Spybot to see whether its listed under ActiveX or BHO, but it doesn't seem to be. I can only see it in IE8's Add-On Manager.

It's a good thing to note that I can click on pictured links now though.

Thanks again, SweetTech.

Edited by Kalishnakov, 22 June 2010 - 10:01 AM.

#11
SweetTech

Posted 22 June 2010 - 10:29 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello,

I will provide my usually recommendations for how to remain clean and safe at the end of our time together.

I am really not to sure what is going on with the error messages you are receiving. It more than likely has something to do with what ever keys/entries you touched in the registry.

Please do the following below:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:Services
:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.donkr.com/imagegallery/ImageUploader4.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Lets try and Reset IE to see if that takes care of the issues you are experiencing with IE closing on you.

Reset Internet Explorer Settings
Warning:
When you reset Internet Explorer settings, all add-ons and customizations are deleted, and you basically start with a fresh version of Internet Explorer.

Exit all programs, including Internet Explorer (if it is running).
Click Start > then click Run.
Type the following command in the Open box, and then press ENTER:
inetcpl.cpl
The Internet Options dialog box appears.
Click the Advanced tab.
Under "Reset Internet Explorer settings", click Reset. Then click Reset again.
When Internet Explorer finishes resetting the settings,
Click Close in the "Reset Internet Explorer Settings" dialog box. Start Internet Explorer again.

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#12
Kalishnakov

Posted 22 June 2010 - 11:12 PM

Member

Topic Starter
Member
12 posts

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9122D757-5A4F-4768-82C5-B4171D8556A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9122D757-5A4F-4768-82C5-B4171D8556A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9122D757-5A4F-4768-82C5-B4171D8556A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9122D757-5A4F-4768-82C5-B4171D8556A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9122D757-5A4F-4768-82C5-B4171D8556A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9122D757-5A4F-4768-82C5-B4171D8556A7}\ not found.
Starting removal of ActiveX control {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ not found.
Starting removal of ActiveX control {EDFCB7CB-942C-4822-AF14-F0B687409848}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EDFCB7CB-942C-4822-AF14-F0B687409848}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: A2Z
->Temp folder emptied: 656770 bytes
->Temporary Internet Files folder emptied: 66111492 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1669 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: holdemmanager
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.AMZ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb

[EMPTYFLASH]

User: A2Z
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: holdemmanager
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.AMZ

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.6.1 log created on 06232010_003750

Files\Folders moved on Reboot...
C:\Documents and Settings\A2Z\Local Settings\Temp\~DF9804.tmp moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temp\~DFAD77.tmp moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temp\~DFD525.tmp moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\GWD9TI8D\bnr_top7.all[1].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\9V885R3G\bnr_right6.all[1].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\9V885R3G\like[1].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\9V885R3G\like[2].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\9V885R3G\Registry-problem-t280248[2].html moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\52JHQGBC\iframe[1].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\52JHQGBC\like[1].htm moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\52JHQGBC\Windows-Update-Error-0x80072EFF-t279936[2].html moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\Content.IE5\2U9BLFJY\view-topic-subscriptions[1].html moved successfully.
C:\Documents and Settings\A2Z\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 20
Adobe Flash Player 10.0.42.34
Adobe Reader 9.3
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

I did not perform the IE reset as I have uninstalled the troubling activeX through regsvr32 /u command in DOS. I'm pretty sure one of my security softwares was overriding IE's default security settings, but when I added BitDefender's website to the trusted list and set the list to medium-low or low, it worked fine.

I did a scan with Panda Security's ActiveScan 2.0 on their website and it did a thorough scan of my system, yet found nothing. I'm inclined to agree that my system is nearly cleaned. It just seems to be the registry problem, but I have gotten these instructions to fix it here: http://www.geekstogo...em-t280248.html

Let me know if there is anything else I should do.

Thanks again and again!

#13
SweetTech

Posted 22 June 2010 - 11:16 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

NEXT:

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Clean-Up
Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
- If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
  - NoScript - for blocking ads and other potential website attacks
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#14
Kalishnakov

Posted 23 June 2010 - 03:16 AM

Member

Topic Starter
Member
12 posts

Thank you for the wonderful tips. I am following through with them.

I'd like to note one last thing: Upon restarting my computer, sometimes my C:\Documents and Settings\A2Z\Local Settings folder would pop up without me opening it. Then I took a look at CCleaner's Startup Tool and found this key: HKLM:RunOnce, program named CleanSetup and located in cmd /C rmdir /S /Q "C:\Documents and Settings\A2Z\Local Settings\temp\nro.tmp\". Inside the folder are files: Ipclog.exe and SetupX.exe - both appear to be related to Nero. I had just previously tried to update Nero to the latest version via FileHippo so maybe it's the remnants of the installation because I was unable to get it to install.

Also, there is another peculiar startup entry in HKLM:Run, program named MSConfig located in C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto.

Perhaps this is related to why I get the Access Denied error. Something is protecting my services in MSConfig, but I am still able to change service settings by using the Run option in the Start Menu.

Do these entries look fishy to you SweetTech?

UPDATE: Hmmm... Seems that upon rebooting these registry startup settings are gone. Everything seems okay now.

Edited by Kalishnakov, 23 June 2010 - 04:19 AM.

#15
SweetTech

Posted 23 June 2010 - 09:28 AM

Sir SpamAlot

Retired Staff
7,671 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.