Google Redirect Strikes!


#1 appletude (New Member, 6 posts)
First of all I want to pre-empt this with a heartfelt thank you to anybody who takes the time out of their day to even take a look at my situation. Really, thank you.

:)

I dealt with the Google Redirect virus on Vista a while back with little problem but it has now infected my XP PC. I have taken all the beginning steps as listed in the Malware and Spyware Removal Guide thread. I also know that I have the infamous wdmaud.drv file in my system32. I can rename or delete but it just returns and no spyware software I have tried can seem to nab it. Here is my OTL log from the most recent scan as set by the guide's instruction (MBAM and GMER follow separately):

OTL logfile created on: 09/08/2010 11:51:20 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Ernie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 63.46 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
Drive D: | 17.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAME-RIG
Current User Name: Ernie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/01 15:14:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ernie\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/25 08:23:04 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2008/11/07 12:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 12:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2006/08/15 11:47:58 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/01 15:14:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ernie\My Documents\Downloads\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/11/07 12:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/13 23:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/05 13:12:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 15:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2008/11/07 12:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/26 05:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/09/10 14:39:08 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/27 06:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/02/15 09:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/07/18 20:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/08/15 11:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.achewood.com/"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/31 17:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 20:36:45 | 000,000,000 | ---D | M]

[2010/07/31 17:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Extensions
[2010/08/07 00:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/08/05 13:52:35 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/31 18:02:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/05 13:59:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/31 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\[email protected]
[2010/08/07 00:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 21:53:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apulegacud] C:\WINDOWS\ehopidura.DLL File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [couexof] C:\Documents and Settings\Ernie\couexof.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/05 11:48:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5240bb84-80a0-11df-aa59-0014d16d84cb}\Shell - "" = AutoRun
O33 - MountPoints2\{5240bb84-80a0-11df-aa59-0014d16d84cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5240bb84-80a0-11df-aa59-0014d16d84cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 14:57:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ernie\Recent
[2010/08/02 16:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\My Documents\AIMLogger
[2010/08/01 15:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Desktop\gmer
[2010/08/01 04:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/31 17:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Mozilla
[2010/07/31 17:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Application Data\Mozilla
[2010/07/31 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/31 15:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/31 15:13:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 15:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/30 17:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/07/29 21:02:34 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/29 20:46:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/29 05:26:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/29 04:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Sunbelt Software
[2010/07/29 04:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/28 04:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer2260
[2010/07/28 04:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer3084
[2010/07/27 23:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\moosoft
[2010/07/27 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Application Data\thecleaner
[2010/07/27 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2010/07/27 13:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer2520
[2010/07/27 08:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/23 17:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/23 17:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/23 12:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/23 12:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/22 21:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}
[2010/07/13 13:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/08 15:38:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/08 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corp
[2010/07/04 09:35:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/07/01 02:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\My Documents\Dungeons and Dragons Online
[2010/07/01 01:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Application Data\Turbine
[2010/07/01 01:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Turbine
[2010/07/01 01:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\ApplicationHistory
[2010/07/01 01:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/07/01 01:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/06/30 22:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm Clock
[2010/06/25 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/06/14 21:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios
[2010/06/13 17:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/13 17:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/06/13 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/13 14:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\My Documents\AdobeStockPhotos
[2010/06/06 15:06:05 | 000,442,368 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/05/31 15:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Noteworthy Software
[2010/05/31 15:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Noteworthy Software
[2010/02/03 00:08:46 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/02/03 00:08:44 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/02/03 00:08:44 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/02/03 00:08:44 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/02/03 00:08:43 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/02/03 00:08:43 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/02/03 00:08:43 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/02/03 00:08:43 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/02/03 00:08:43 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/02/03 00:08:42 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/02/03 00:08:39 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2010/02/03 00:08:38 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[4 C:\Documents and Settings\Ernie\*.tmp files -> C:\Documents and Settings\Ernie\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/08 05:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/08 02:08:45 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/06 22:00:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/06 14:59:36 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\CUXYDAT.job
[2010/08/06 14:59:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 14:59:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 14:59:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 14:59:31 | 1600,270,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/03 03:15:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ernie\ntuser.ini
[2010/08/03 03:15:45 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Ernie\NTUSER.DAT
[2010/08/02 11:57:07 | 000,420,388 | ---- | M] () -- C:\Documents and Settings\Ernie\Desktop\42256.pdf
[2010/07/29 21:01:07 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2010/07/29 21:00:56 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2010/07/29 21:00:56 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010/07/29 21:00:56 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/07/29 10:47:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Axafupoqoxevuq.dat
[2010/07/29 05:26:12 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/29 04:38:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tvamafojocetuw.bin
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\WINDOWS.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\WD Sync Data.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Video.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Templates.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Start Menu.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\SendTo.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Recent.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\PrivacIE.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\PrintHood.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Pictures.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Passwords.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\nsnB7F.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\nsjB82.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\New Folder.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\NetHood.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\My Documents.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Music.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\IETldCache.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Favorites.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Documents.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Desktop.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Cookies.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Application Data.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7zSBA0.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7ZipSfx.001.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7ZipSfx.000.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\..lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\...lnk
[2010/07/28 13:00:19 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 21:20:35 | 000,156,160 | RHS- | M] () -- C:\WINDOWS\System32\hlink1.dll
[2010/07/14 03:03:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/08 15:51:33 | 000,520,410 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/08 15:51:33 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/08 15:51:33 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/01 01:53:36 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings\Application Data\fusioncache.dat
[2010/06/13 17:41:15 | 000,069,360 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/13 17:32:31 | 003,762,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 20:58:08 | 000,000,631 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 20:58:08 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[4 C:\Documents and Settings\Ernie\*.tmp files -> C:\Documents and Settings\Ernie\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/02 11:57:07 | 000,420,388 | ---- | C] () -- C:\Documents and Settings\Ernie\Desktop\42256.pdf
[2010/07/31 15:36:14 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/29 21:01:07 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2010/07/29 21:00:56 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2010/07/29 21:00:56 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010/07/29 21:00:56 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/07/29 05:29:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\WINDOWS
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\WD Sync Data
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Video.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Templates
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Start Menu
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\SendTo
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Recent
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\PrivacIE
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\PrintHood
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Pictures.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Passwords.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\nsnB7F.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\nsjB82.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\New Folder.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\NetHood
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\My Documents
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Music.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Local Settings
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\IETldCache
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Favorites
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Documents.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Desktop
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Cookies
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Application Data
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7zSBA0.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7ZipSfx.001
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7ZipSfx.000
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\.
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\..
[2010/07/22 21:23:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Axafupoqoxevuq.dat
[2010/07/22 21:23:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tvamafojocetuw.bin
[2010/07/22 21:20:37 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\CUXYDAT.job
[2010/07/22 21:20:35 | 000,156,160 | RHS- | C] () -- C:\WINDOWS\System32\hlink1.dll
[2010/07/01 01:53:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ernie\Local Settings\Application Data\fusioncache.dat
[2010/04/06 08:54:18 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/03 00:26:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/02/03 00:24:46 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/02/03 00:24:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/02/03 00:23:52 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010/02/03 00:08:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/02/03 00:08:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2010/02/01 18:11:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/01/06 13:09:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/05 11:52:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2010/01/05 11:52:25 | 000,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2010/01/05 11:52:25 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2010/01/05 11:52:25 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2010/01/05 11:52:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2010/01/05 11:52:08 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/05 11:52:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/05 11:52:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/05 11:52:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/05 11:52:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/01/05 11:52:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/05 11:52:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/05 11:43:59 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/01/05 11:43:58 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/01/05 11:43:57 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/01/05 11:28:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 15:55:24 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/01 18:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/04/06 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/01/08 08:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/01 20:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/07/28 04:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\moosoft
[2010/06/30 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/06/13 17:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/01/27 10:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Ableton
[2010/02/01 18:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\acccore
[2010/04/06 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Canneverbe Limited
[2010/01/07 17:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\DAEMON Tools
[2010/01/08 09:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\DAEMON Tools Lite
[2010/04/15 11:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\EDFbrowser
[2010/01/05 16:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Leadertech
[2010/04/15 11:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Polyman
[2010/07/27 20:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\thecleaner
[2010/07/01 01:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Turbine
[2010/07/27 21:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\uTorrent
[2010/08/08 05:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/06 14:59:36 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\CUXYDAT.job
[2010/08/08 02:08:45 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/06 22:00:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/31 13:58:03 | 000,001,660 | ---- | M] () -- C:\aaw7boot.log
[2010/01/05 11:48:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 21:02:34 | 000,007,590 | ---- | M] () -- C:\avenger.txt
[2010/07/29 21:01:07 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2010/01/05 11:42:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/29 21:00:56 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/07/29 21:00:56 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010/01/05 11:48:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/06 14:59:31 | 1600,270,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 11:48:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/29 15:06:31 | 000,000,914 | -H-- | M] () -- C:\IPH.PH
[2010/01/05 11:48:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 18:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/06 14:59:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/29 20:51:23 | 000,035,086 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_29.07.2010_20.51.00_log.txt
[2010/07/29 21:00:56 | 000,135,168 | ---- | M] () -- C:\zip.exe

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/01/05 11:47:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/19 13:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
[2007/04/09 09:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/01/05 11:25:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/05 11:25:12 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/05 11:25:12 | 000,827,392 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 07:00:36
< End of report >


:)
Here is my most recent MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/07/2010 15:21:31
mbam-log-2010-07-31 (15-21-31).txt

Scan type: Quick scan
Objects scanned: 136022
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

:)
And lastly, the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-05 23:40:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ernie\LOCALS~1\Temp\kftyqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9318F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[440] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0156B833
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0156C549
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0156C25D
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0156C465
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0156B779
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0156C300
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0156C3A7
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 0156BBA6
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0156C7A9
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0156CCD1
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0156C6DF
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0156CBEF
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0156D07C
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0156D143
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0156BC7E
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 0156CB0A
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 0156C94C
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 0156C5D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 0156C873
.text C:\Program Files\Mozilla Firefox\firefox.exe[440] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 0156CA25
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[860] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xF0 0x2A 0xAD 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xAA 0x23 0x6A 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x14 0x7B 0x87 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xF0 0x2A 0xAD 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xAA 0x23 0x6A 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x14 0x7B 0x87 0xFF ...

---- EOF - GMER 1.0.15 ----


:)

Thanks again for taking the time to look through these logs. I wouldn't be asking for your time if I could have figured this thing out on my own.
  • 0

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 1

#3
appletude

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks Rorschach.

Here is the TDSSKiller log:

2010/08/11 12:19:17.0115 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/11 12:19:17.0115 ================================================================================
2010/08/11 12:19:17.0115 SystemInfo:
2010/08/11 12:19:17.0115
2010/08/11 12:19:17.0115 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/11 12:19:17.0115 Product type: Workstation
2010/08/11 12:19:17.0115 ComputerName: GAME-RIG
2010/08/11 12:19:17.0115 UserName: Ernie
2010/08/11 12:19:17.0115 Windows directory: C:\WINDOWS
2010/08/11 12:19:17.0115 System windows directory: C:\WINDOWS
2010/08/11 12:19:17.0115 Processor architecture: Intel x86
2010/08/11 12:19:17.0115 Number of processors: 2
2010/08/11 12:19:17.0115 Page size: 0x1000
2010/08/11 12:19:17.0115 Boot type: Normal boot
2010/08/11 12:19:17.0115 ================================================================================
2010/08/11 12:19:17.0318 Initialize success
2010/08/11 12:19:24.0380 ================================================================================
2010/08/11 12:19:24.0380 Scan started
2010/08/11 12:19:24.0380 Mode: Manual;
2010/08/11 12:19:24.0380 ================================================================================
2010/08/11 12:19:25.0052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/11 12:19:25.0099 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/11 12:19:25.0161 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/11 12:19:25.0208 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/11 12:19:25.0240 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2010/08/11 12:19:25.0427 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/11 12:19:25.0474 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/11 12:19:25.0552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/11 12:19:25.0583 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/11 12:19:25.0615 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/08/11 12:19:25.0677 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/11 12:19:25.0724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/11 12:19:25.0755 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/11 12:19:25.0802 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/11 12:19:25.0833 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/11 12:19:25.0974 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/11 12:19:26.0036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/11 12:19:26.0068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/11 12:19:26.0083 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/11 12:19:26.0130 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/11 12:19:26.0177 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/11 12:19:26.0224 exFat (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys
2010/08/11 12:19:26.0286 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/11 12:19:26.0318 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/11 12:19:26.0333 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/11 12:19:26.0365 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/11 12:19:26.0411 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/11 12:19:26.0443 Fs_Rec (c865b83411d7347627a4beec22543fb1) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/11 12:19:26.0474 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/11 12:19:26.0505 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/11 12:19:26.0568 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/11 12:19:26.0646 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/11 12:19:26.0724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/08/11 12:19:26.0943 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/11 12:19:27.0193 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/11 12:19:27.0255 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/11 12:19:27.0302 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/11 12:19:27.0333 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/11 12:19:27.0349 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/11 12:19:27.0380 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/11 12:19:27.0411 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/11 12:19:27.0458 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/11 12:19:27.0490 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/11 12:19:27.0521 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/11 12:19:27.0568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/11 12:19:27.0599 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/11 12:19:27.0661 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/11 12:19:27.0724 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/08/11 12:19:27.0802 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/11 12:19:27.0849 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/11 12:19:27.0896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/11 12:19:27.0958 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/11 12:19:27.0974 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/11 12:19:28.0021 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/08/11 12:19:28.0052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/11 12:19:28.0115 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/11 12:19:28.0130 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/11 12:19:28.0177 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/11 12:19:28.0193 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/11 12:19:28.0224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/11 12:19:28.0255 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/11 12:19:28.0302 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/11 12:19:28.0333 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/11 12:19:28.0365 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/11 12:19:28.0380 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/11 12:19:28.0396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/11 12:19:28.0427 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/11 12:19:28.0443 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/11 12:19:28.0474 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/11 12:19:28.0521 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/11 12:19:28.0536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/11 12:19:28.0583 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/11 12:19:28.0615 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/11 12:19:28.0630 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/11 12:19:28.0677 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/11 12:19:28.0708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/11 12:19:28.0724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/11 12:19:28.0740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/11 12:19:28.0771 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/11 12:19:28.0818 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/11 12:19:28.0974 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/11 12:19:29.0005 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/11 12:19:29.0036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/11 12:19:29.0161 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/11 12:19:29.0193 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/11 12:19:29.0208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/11 12:19:29.0224 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/11 12:19:29.0255 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/11 12:19:29.0286 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/11 12:19:29.0302 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/11 12:19:29.0349 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/11 12:19:29.0380 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/11 12:19:29.0458 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
2010/08/11 12:19:29.0505 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/11 12:19:29.0583 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/08/11 12:19:29.0615 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/11 12:19:29.0630 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/11 12:19:29.0693 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/11 12:19:29.0786 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/11 12:19:29.0849 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/08/11 12:19:29.0896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/11 12:19:29.0943 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/11 12:19:30.0005 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/11 12:19:30.0036 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/08/11 12:19:30.0083 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/11 12:19:30.0115 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/11 12:19:30.0208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/11 12:19:30.0255 Tcpip (9425b72f40257b45d45d24773273dad0) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/11 12:19:30.0286 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/11 12:19:30.0333 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/11 12:19:30.0349 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/11 12:19:30.0427 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/11 12:19:30.0474 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/11 12:19:30.0521 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/11 12:19:30.0552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/11 12:19:30.0568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/11 12:19:30.0615 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/11 12:19:30.0646 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/11 12:19:30.0693 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/11 12:19:30.0740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/11 12:19:30.0802 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/11 12:19:30.0833 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/11 12:19:30.0896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/11 12:19:30.0974 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/11 12:19:31.0036 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
2010/08/11 12:19:31.0146 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/11 12:19:31.0161 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/11 12:19:31.0208 ================================================================================
2010/08/11 12:19:31.0208 Scan finished
2010/08/11 12:19:31.0208 ================================================================================

:)

And the ComboFix:

ComboFix 10-08-10.07 - Ernie 11/08/2010 12:25:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1526.730 [GMT -4:00]
Running from: c:\documents and settings\Ernie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\documents and settings\Ernie\Cookies.lnk
c:\documents and settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}
c:\documents and settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}\chrome.manifest
c:\documents and settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}\chrome\content\_cfg.js
c:\documents and settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}\chrome\content\overlay.xul
c:\documents and settings\Ernie\Local Settings\Application Data\{C06FA2E1-DFAE-41FF-9711-557FB8FEB5B0}\install.rdf
c:\windows\system32\d3d10core.dll
C:\zip.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-02 03:32 . 2010-08-02 03:32 503808 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\msvcp71.dll
2010-08-02 03:32 . 2010-08-02 03:32 348160 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\msvcr71.dll
2010-08-02 03:32 . 2010-08-02 03:32 499712 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\jmc.dll
2010-08-01 08:32 . 2010-08-01 08:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-31 21:51 . 2010-07-31 21:51 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Mozilla
2010-07-31 19:33 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-31 19:31 . 2010-07-31 19:31 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-31 19:13 . 2010-07-31 19:13 -------- d-----w- c:\program files\ERUNT
2010-07-30 21:26 . 2010-07-31 19:27 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-30 01:01 . 2010-07-30 01:01 0 ----a-w- C:\backup.reg
2010-07-30 01:00 . 2010-07-30 01:00 574 ----a-w- C:\cleanup.bat
2010-07-30 00:46 . 2010-07-30 00:46 -------- d-----w- C:\_OTM
2010-07-29 09:26 . 2010-07-29 09:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 08:49 . 2010-07-29 08:49 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Sunbelt Software
2010-07-29 08:48 . 2010-07-31 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-28 08:27 . 2010-07-28 08:27 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer2260
2010-07-28 08:21 . 2010-07-28 08:21 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-28 08:17 . 2010-07-28 08:18 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer3084
2010-07-28 03:50 . 2010-07-28 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\moosoft
2010-07-28 00:52 . 2010-07-28 00:52 -------- d-----w- c:\documents and settings\Ernie\Application Data\thecleaner
2010-07-28 00:51 . 2010-07-31 19:28 -------- d-----w- c:\program files\The Cleaner
2010-07-27 17:44 . 2010-07-27 17:44 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer2520
2010-07-27 12:42 . 2010-07-27 12:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-23 01:23 . 2010-07-29 14:47 120 ----a-w- c:\windows\Axafupoqoxevuq.dat
2010-07-23 01:23 . 2010-07-29 08:38 0 ----a-w- c:\windows\Tvamafojocetuw.bin
2010-07-23 01:20 . 2010-07-23 01:20 156160 --sha-r- c:\windows\system32\hlink1.dll
2010-07-13 17:19 . 2010-07-13 17:19 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 19:27 . 2010-01-05 15:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-30 00:51 . 2009-09-09 13:56 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-28 08:31 . 2008-04-14 04:42 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-07-28 08:22 . 2010-05-08 12:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-28 08:22 . 2010-03-30 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-28 08:21 . 2010-03-30 09:14 -------- d-----w- c:\program files\DivX
2010-07-28 08:18 . 2010-03-30 09:25 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-28 08:18 . 2010-03-30 09:25 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-28 01:52 . 2010-02-05 14:03 -------- d-----w- c:\documents and settings\Ernie\Application Data\uTorrent
2010-07-25 23:36 . 2010-02-01 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-19 19:31 . 2010-02-01 22:20 -------- d-----w- c:\documents and settings\Ernie\Application Data\Winamp
2010-07-19 08:59 . 2010-02-01 22:20 -------- d-----w- c:\program files\Winamp
2010-07-19 08:33 . 2010-02-01 22:21 -------- d-----w- c:\program files\Winamp Detect
2010-07-08 19:29 . 2010-07-08 19:29 -------- d-----w- c:\program files\Western Digital Corp
2010-07-01 05:53 . 2010-07-01 05:53 -------- d-----w- c:\documents and settings\Ernie\Application Data\Turbine
2010-07-01 05:53 . 2010-07-01 05:53 128 ----a-w- c:\documents and settings\Ernie\Local Settings\Application Data\fusioncache.dat
2010-07-01 05:28 . 2010-07-01 05:28 -------- d-----w- c:\program files\Turbine
2010-07-01 03:38 . 2010-03-29 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-01 02:56 . 2010-07-01 02:56 -------- d-----w- c:\program files\Alarm Clock
2010-06-26 16:30 . 2010-02-07 22:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-25 22:24 . 2010-06-25 22:24 -------- d-----w- c:\program files\7-Zip
2010-06-15 01:54 . 2010-06-15 01:54 -------- d-----w- c:\program files\Lionhead Studios
2010-06-14 14:31 . 2010-01-05 15:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 21:46 . 2010-06-13 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-13 21:41 . 2010-01-05 17:30 69360 ----a-w- c:\documents and settings\Ernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-06-13 21:22 . 2010-01-05 17:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-13 21:18 . 2010-06-13 21:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-05 15:52 . 2010-01-05 15:52 23917 ----a-w- c:\program files\Common Files\unins000.dat
2010-01-05 15:52 . 2010-01-05 15:52 1201727 ----a-w- c:\program files\Common Files\unins000.exe
.

------- Sigcheck -------

[-] 2009-09-23 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-09-23 . 87F6E1E3202E85AC083AC64D84115C44 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-02-03 2356088]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-29 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-09-09 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-5 809488]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2010-2-1 368640]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ernie\\Desktop\\Minimall\\EXEs\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Documents and Settings\\Ernie\\Desktop\\Minimall\\EmulationStation\\MegaDOOM\\skulltag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58289:TCP"= 58289:TCP:Pando Media Booster
"58289:UDP"= 58289:UDP:Pando Media Booster

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [05/01/2010 11:50 10384]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [01/02/2010 18:11 20480]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [01/02/2010 18:11 264576]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [01/02/2010 18:11 167936]
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-08-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-03 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.achewood.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-couexof - c:\documents and settings\Ernie\couexof.exe
HKLM-Run-Apulegacud - c:\windows\ehopidura.dll
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 12:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-08-11 12:32:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-11 16:32

Pre-Run: 67,962,462,208 bytes free
Post-Run: 67,944,079,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 19C82EDE186B35F2E8527FF9E4D877D0
#4
Rorschach112 (Ralphie)

  • Retired Staff
  • 47,710 posts
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Axafupoqoxevuq.dat
c:\windows\Tvamafojocetuw.bin

SRPeek::
c:\windows\system32\sfcfiles.dll

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.
#5
appletude (New Member)

  • Topic Starter
  • Member
  • 6 posts
Here is the ComboFix log:

ComboFix 10-08-11.04 - Ernie 11/08/2010 17:36:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1526.1043 [GMT -4:00]
Running from: c:\documents and settings\Ernie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ernie\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\Axafupoqoxevuq.dat"
"c:\windows\Tvamafojocetuw.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Axafupoqoxevuq.dat
c:\windows\Tvamafojocetuw.bin

.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-02 03:32 . 2010-08-02 03:32 503808 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\msvcp71.dll
2010-08-02 03:32 . 2010-08-02 03:32 348160 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\msvcr71.dll
2010-08-02 03:32 . 2010-08-02 03:32 499712 ----a-w- c:\documents and settings\Ernie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65c65ce4-n\jmc.dll
2010-08-01 08:32 . 2010-08-01 08:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-31 21:51 . 2010-07-31 21:51 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Mozilla
2010-07-31 19:33 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-31 19:31 . 2010-07-31 19:31 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-31 19:13 . 2010-07-31 19:13 -------- d-----w- c:\program files\ERUNT
2010-07-30 21:26 . 2010-07-31 19:27 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-30 01:01 . 2010-07-30 01:01 0 ----a-w- C:\backup.reg
2010-07-30 01:00 . 2010-07-30 01:00 574 ----a-w- C:\cleanup.bat
2010-07-30 00:46 . 2010-07-30 00:46 -------- d-----w- C:\_OTM
2010-07-29 09:26 . 2010-07-29 09:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 08:49 . 2010-07-29 08:49 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Sunbelt Software
2010-07-29 08:48 . 2010-07-31 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-28 08:27 . 2010-07-28 08:27 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer2260
2010-07-28 08:21 . 2010-07-28 08:21 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-28 08:21 . 2010-07-28 08:21 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-28 08:20 . 2010-07-28 08:20 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-28 08:17 . 2010-07-28 08:18 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer3084
2010-07-28 03:50 . 2010-07-28 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\moosoft
2010-07-28 00:52 . 2010-07-28 00:52 -------- d-----w- c:\documents and settings\Ernie\Application Data\thecleaner
2010-07-28 00:51 . 2010-07-31 19:28 -------- d-----w- c:\program files\The Cleaner
2010-07-27 17:44 . 2010-07-27 17:44 -------- d-----w- c:\documents and settings\Ernie\Local Settings\Application Data\Installer2520
2010-07-27 12:42 . 2010-07-27 12:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-23 01:20 . 2010-07-23 01:20 156160 --sha-r- c:\windows\system32\hlink1.dll
2010-07-13 17:19 . 2010-07-13 17:19 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 19:27 . 2010-01-05 15:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-30 00:51 . 2009-09-09 13:56 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-28 08:31 . 2008-04-14 04:42 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-07-28 08:22 . 2010-05-08 12:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-28 08:22 . 2010-03-30 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-28 08:21 . 2010-03-30 09:14 -------- d-----w- c:\program files\DivX
2010-07-28 08:18 . 2010-03-30 09:25 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-28 08:18 . 2010-03-30 09:25 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-28 01:52 . 2010-02-05 14:03 -------- d-----w- c:\documents and settings\Ernie\Application Data\uTorrent
2010-07-25 23:36 . 2010-02-01 22:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-19 19:31 . 2010-02-01 22:20 -------- d-----w- c:\documents and settings\Ernie\Application Data\Winamp
2010-07-19 08:59 . 2010-02-01 22:20 -------- d-----w- c:\program files\Winamp
2010-07-19 08:33 . 2010-02-01 22:21 -------- d-----w- c:\program files\Winamp Detect
2010-07-08 19:29 . 2010-07-08 19:29 -------- d-----w- c:\program files\Western Digital Corp
2010-07-01 05:53 . 2010-07-01 05:53 -------- d-----w- c:\documents and settings\Ernie\Application Data\Turbine
2010-07-01 05:53 . 2010-07-01 05:53 128 ----a-w- c:\documents and settings\Ernie\Local Settings\Application Data\fusioncache.dat
2010-07-01 05:28 . 2010-07-01 05:28 -------- d-----w- c:\program files\Turbine
2010-07-01 03:38 . 2010-03-29 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-01 02:56 . 2010-07-01 02:56 -------- d-----w- c:\program files\Alarm Clock
2010-06-26 16:30 . 2010-02-07 22:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-25 22:24 . 2010-06-25 22:24 -------- d-----w- c:\program files\7-Zip
2010-06-15 01:54 . 2010-06-15 01:54 -------- d-----w- c:\program files\Lionhead Studios
2010-06-14 14:31 . 2010-01-05 15:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 21:46 . 2010-06-13 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-13 21:41 . 2010-01-05 17:30 69360 ----a-w- c:\documents and settings\Ernie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 21:23 . 2010-06-13 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-06-13 21:22 . 2010-01-05 17:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-13 21:18 . 2010-06-13 21:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-05 15:52 . 2010-01-05 15:52 23917 ----a-w- c:\program files\Common Files\unins000.dat
2010-01-05 15:52 . 2010-01-05 15:52 1201727 ----a-w- c:\program files\Common Files\unins000.exe
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2009-09-23 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-09-23 . 87F6E1E3202E85AC083AC64D84115C44 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( Snapshot@2010-08-11_16.30.03 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2010-02-03 2356088]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-29 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-09-09 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-5 809488]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2010-2-1 368640]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ernie\\Desktop\\Minimall\\EXEs\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Documents and Settings\\Ernie\\Desktop\\Minimall\\EmulationStation\\MegaDOOM\\skulltag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58289:TCP"= 58289:TCP:Pando Media Booster
"58289:UDP"= 58289:UDP:Pando Media Booster

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [05/01/2010 11:50 10384]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [01/02/2010 18:11 20480]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [01/02/2010 18:11 264576]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [01/02/2010 18:11 167936]
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-08-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-03 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.achewood.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-08-11 17:40:28
ComboFix-quarantined-files.txt 2010-08-11 21:40
ComboFix2.txt 2010-08-11 16:32

Pre-Run: 67,743,203,328 bytes free
Post-Run: 67,738,628,096 bytes free

- - End Of File - - 28EA6D22DDA14F09164AC3CB744B0EF2



:)



Here is the RootKit .txt:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 04:11:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ernie\LOCALS~1\Temp\kftyqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB96E2F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2240] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A7C7BD20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xF0 0x2A 0xAD 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xAA 0x23 0x6A 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x14 0x7B 0x87 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xF0 0x2A 0xAD 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xAA 0x23 0x6A 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x14 0x7B 0x87 0xFF ...

---- EOF - GMER 1.0.15 ----

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    c:\windows\system32\hlink1.dll
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Open OTL, click the None button, and paste this in the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.exe
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
set /c
%PROGRAMFILES%|bak;true;false;false /fp
%systemroot%\system32|bak;true;false;false /fp
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
/md5start
sfcfiles.*
/md5stop
Click Run Scan and post that log.

#7 appletude (Topic Starter, New Member, 6 posts)
OTM Log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ernie\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Ernie\My Documents\Downloads\cmd.txt deleted successfully.
LoadLibrary failed for c:\windows\system32\hlink1.dll
c:\windows\system32\hlink1.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ernie
->Temp folder emptied: 1592833 bytes
->Temporary Internet Files folder emptied: 304186 bytes
->Java cache emptied: 10575104 bytes
->FireFox cache emptied: 39741136 bytes
->Flash cache emptied: 2325 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 4992 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 08122010_115108

Files moved on Reboot...

Registry entries deleted on Reboot...


:)

OTL Log:

OTL logfile created on: 12/08/2010 11:57:25 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Ernie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 63.15 Gb Free Space | 42.40% Space Free | Partition Type: NTFS
Drive D: | 17.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAME-RIG
Current User Name: Ernie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/01 15:14:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ernie\My Documents\Downloads\OTL.exe
PRC - [2010/07/22 22:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/28 21:53:26 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/25 08:23:04 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
PRC - [2008/11/07 12:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/11/07 12:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2006/08/15 11:47:58 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/01 15:14:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ernie\My Documents\Downloads\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/11/07 12:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/13 23:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/05 13:12:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/11 15:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2008/11/07 12:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/26 05:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/09/10 14:39:08 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/27 06:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/02/15 09:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/07/18 20:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/08/15 11:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.achewood.com/"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.8
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/31 17:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 20:36:45 | 000,000,000 | ---D | M]

[2010/07/31 17:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Extensions
[2010/08/11 12:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/08/05 13:52:35 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/07/31 18:02:47 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/31 18:02:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/05 13:59:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/31 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ernie\Application Data\Mozilla\Firefox\Profiles\e26ohhe1.default\extensions\[email protected]
[2010/08/11 12:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 21:53:19 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/12 11:51:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/05 11:48:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/12 11:51:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/12 11:40:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ernie\Recent
[2010/08/11 12:23:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/11 12:22:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/11 12:22:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/11 12:22:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/11 12:22:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/11 12:21:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/11 12:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Desktop\tdsskiller
[2010/08/02 16:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\My Documents\AIMLogger
[2010/08/01 15:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Desktop\gmer
[2010/08/01 04:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/31 17:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Mozilla
[2010/07/31 17:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Application Data\Mozilla
[2010/07/31 15:33:57 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/31 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/31 15:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/31 15:13:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 15:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/30 17:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/07/29 20:46:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/29 05:26:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/29 04:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Sunbelt Software
[2010/07/29 04:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/28 04:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer2260
[2010/07/28 04:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer3084
[2010/07/27 23:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\moosoft
[2010/07/27 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Application Data\thecleaner
[2010/07/27 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2010/07/27 13:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ernie\Local Settings\Application Data\Installer2520
[2010/07/27 08:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/23 17:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/23 17:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/23 12:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/23 12:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/13 13:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/02/03 00:08:46 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/02/03 00:08:44 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/02/03 00:08:44 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/02/03 00:08:44 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/02/03 00:08:43 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/02/03 00:08:43 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/02/03 00:08:43 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/02/03 00:08:43 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/02/03 00:08:43 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/02/03 00:08:42 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/02/03 00:08:39 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2010/02/03 00:08:38 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[4 C:\Documents and Settings\Ernie\*.tmp files -> C:\Documents and Settings\Ernie\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/12 11:57:23 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/12 11:52:50 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/12 11:52:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/12 11:52:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/12 11:52:06 | 1600,270,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 11:51:21 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Ernie\NTUSER.DAT
[2010/08/12 11:51:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ernie\ntuser.ini
[2010/08/12 11:51:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/11 17:39:13 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/11 17:33:47 | 003,816,460 | R--- | M] () -- C:\Documents and Settings\Ernie\Desktop\ComboFix.exe
[2010/08/11 12:29:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 12:23:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/11 12:12:58 | 001,132,196 | ---- | M] () -- C:\Documents and Settings\Ernie\Desktop\tdsskiller.zip
[2010/08/02 11:57:07 | 000,420,388 | ---- | M] () -- C:\Documents and Settings\Ernie\Desktop\42256.pdf
[2010/07/29 21:01:07 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2010/07/29 21:00:56 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/07/29 05:26:12 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\WINDOWS.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\WD Sync Data.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Video.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Templates.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Start Menu.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\SendTo.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Recent.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\PrivacIE.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\PrintHood.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Pictures.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Passwords.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\nsnB7F.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\nsjB82.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\New Folder.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\NetHood.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\My Documents.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Music.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\IETldCache.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Favorites.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Documents.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Desktop.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\Application Data.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7zSBA0.tmp.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7ZipSfx.001.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\7ZipSfx.000.lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\..lnk
[2010/07/28 13:12:50 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Ernie\...lnk
[2010/07/28 13:00:19 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Ernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 04:31:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.drv
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/14 03:03:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\Documents and Settings\Ernie\*.tmp files -> C:\Documents and Settings\Ernie\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 12:23:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/11 12:23:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 12:22:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 12:22:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 12:22:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 12:22:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 12:22:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/11 12:17:59 | 003,816,460 | R--- | C] () -- C:\Documents and Settings\Ernie\Desktop\ComboFix.exe
[2010/08/11 12:12:45 | 001,132,196 | ---- | C] () -- C:\Documents and Settings\Ernie\Desktop\tdsskiller.zip
[2010/08/02 11:57:07 | 000,420,388 | ---- | C] () -- C:\Documents and Settings\Ernie\Desktop\42256.pdf
[2010/07/31 15:36:14 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/29 21:01:07 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2010/07/29 21:00:56 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\WINDOWS
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\WD Sync Data
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Video.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Templates
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Start Menu
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\SendTo
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Recent
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\PrivacIE
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\PrintHood
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Pictures.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Passwords.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\nsnB7F.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\nsjB82.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\New Folder.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\NetHood
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\My Documents
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Music.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Local Settings
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\IETldCache
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Favorites
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Documents.lnk
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Desktop
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\Application Data
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7zSBA0.tmp
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7ZipSfx.001
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\7ZipSfx.000
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\.
[2010/07/27 13:24:41 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Ernie\..
[2010/04/06 08:54:18 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/03 00:26:36 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/02/03 00:24:46 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/02/03 00:24:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/02/03 00:23:52 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010/02/03 00:08:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/02/03 00:08:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2010/02/01 18:11:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/01/06 13:09:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/05 11:52:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2010/01/05 11:52:25 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2010/01/05 11:52:25 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2010/01/05 11:52:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2010/01/05 11:52:08 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/05 11:52:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/05 11:52:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/05 11:52:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/05 11:52:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/01/05 11:52:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/05 11:52:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/05 11:43:59 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/01/05 11:43:58 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/01/05 11:43:57 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/01/05 11:28:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 15:55:24 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/31 13:58:03 | 000,001,660 | ---- | M] () -- C:\aaw7boot.log
[2010/01/05 11:48:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 21:02:34 | 000,007,590 | ---- | M] () -- C:\avenger.txt
[2010/07/29 21:01:07 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2010/01/05 11:42:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/11 12:23:59 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/29 21:00:56 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/11 17:40:28 | 000,017,546 | ---- | M] () -- C:\ComboFix.txt
[2010/01/05 11:48:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/12 11:52:06 | 1600,270,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 11:48:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/29 15:06:31 | 000,000,914 | -H-- | M] () -- C:\IPH.PH
[2010/01/05 11:48:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 18:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 11:52:01 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/29 20:51:23 | 000,035,086 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_29.07.2010_20.51.00_log.txt
[2010/08/11 12:19:47 | 000,032,534 | ---- | M] () -- C:\TDSSKiller.2.4.1.1_11.08.2010_12.19.17_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/01/19 13:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
[2007/04/09 09:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/01/05 11:25:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/05 11:25:12 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/05 11:25:12 | 000,827,392 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2010/01/05 11:47:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2010/06/25 18:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/01/27 09:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\Ableton
[2010/07/27 13:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/29 15:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/06/30 22:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm Clock
[2010/01/05 11:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/01/05 11:59:04 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/01/05 13:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/06 08:54:19 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2010/08/11 17:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/05 11:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/03/14 17:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\coolpro2
[2010/01/08 08:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/07/28 04:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/04/15 11:09:28 | 000,000,000 | ---D | M] -- C:\Program Files\EDFbrowser
[2010/07/31 15:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft Anti-Malware
[2010/07/31 15:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/03/30 20:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2010/02/16 10:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\Free WMA to MP3 Converter
[2010/02/05 09:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/05 12:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/07/31 15:27:49 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/11 03:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/05 11:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/03/12 19:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/05 11:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/01/05 11:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\KM-Software
[2010/02/15 23:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2010/02/03 00:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 1200 Series
[2010/02/03 00:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 2500 Series
[2010/06/14 21:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Lionhead Studios
[2010/01/05 11:50:02 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/07/25 19:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/06 13:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/02/08 10:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Calculator Plus
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/03 13:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/31 15:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2010/08/01 04:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\movie maker
[2010/07/31 17:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/05 00:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/03 13:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2010/01/05 11:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/31 15:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\Noteworthy Software
[2010/01/05 11:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\outlook express
[2010/03/28 21:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/04/15 10:58:31 | 000,000,000 | ---D | M] -- C:\Program Files\Polyman
[2010/04/05 00:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/08 09:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2010/01/05 12:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\Steinberg
[2010/02/19 22:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\SylvaWare
[2010/07/31 15:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\The Cleaner
[2010/02/01 18:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\TRENDnet
[2010/07/01 01:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2010/01/05 12:02:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/02/05 10:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/07/08 15:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Corp
[2010/07/19 04:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/19 04:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2010/01/05 11:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/02/01 20:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/01/05 11:46:54 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/23 12:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 07:00:36

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ernie\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GAME-RIG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ernie
LOGONSERVER=\\GAME-RIG
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ernie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ernie\LOCALS~1\Temp
USERDOMAIN=GAME-RIG
USERNAME=Ernie
USERPROFILE=C:\Documents and Settings\Ernie
windir=C:\WINDOWS

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/01/05 11:48:05 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/01/05 11:52:14 | 000,108,681 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Setup Log 2010-01-05 #001.txt
[4 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >


< MD5 for: SFCFILES.DLL >
[2009/09/23 08:12:44 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=87F6E1E3202E85AC083AC64D84115C44 -- C:\WINDOWS\system32\sfcfiles.dll

< >
< End of report >
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#9
appletude

appletude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Kaspersky's scanner gave me a blank log but it said 0 infections.

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4426

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/08/2010 18:08:42
mbam-log-2010-08-13 (18-08-42).txt

Scan type: Quick scan
Objects scanned: 138126
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


:)

ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=30b7aa003efce64e862b40fa5df7d0f6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-14 09:18:30
# local_time=2010-08-14 05:18:30 (-0500, Eastern Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 100 100 0 11286003 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84418
# found=0
# cleaned=0
# scan_time=2885
:)
  • 0
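As an added example, not part of any post in this thread: a small Python triage of the two logs posted above, reading the MBAM "X Infected: N" summary lines and the ESET "# key=value" header the way a helper does before declaring logs clean. The sample logs are constructed, trimmed copies of the ones above; the coverage warning for archives is an assumption about what a reviewer would want flagged, not something the tools report themselves.

```python
import re

# Constructed sample input: trimmed copies of the MBAM and ESET logs
# posted in this thread, in the line formats those tools emit.
MBAM_LOG = """\
Malwarebytes' Anti-Malware 1.46
Objects scanned: 138126
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
"""
ESET_LOG = """\
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# scanned=84418
# found=0
# cleaned=0
"""

MBAM_COUNT = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$", re.M)
ESET_KV = re.compile(r"^# (\w+)=(.*)$", re.M)

def mbam_infected(log):
    """Per-category counts from the 'X Infected: N' summary block of an MBAM log."""
    return {k: int(v) for k, v in MBAM_COUNT.findall(log)}

def eset_summary(log):
    """Key/value header ('# key=value') of an ESET Online Scanner log."""
    return dict(ESET_KV.findall(log))

def triage(mbam_log, eset_log):
    """Return (problems, warnings). Empty problems means the logs are clean;
    warnings flag scan coverage gaps that do not by themselves mean infection."""
    problems, warnings = [], []
    counts = mbam_infected(mbam_log)
    if not counts:
        problems.append("MBAM: summary block missing, log may be truncated")
    elif sum(counts.values()):
        problems.append("MBAM: %d infected item(s) reported" % sum(counts.values()))
    eset = eset_summary(eset_log)
    if eset.get("end") != "finished":
        problems.append("ESET: scan did not run to completion")
    found, cleaned = int(eset.get("found", 0)), int(eset.get("cleaned", 0))
    if found:
        problems.append("ESET: found %d item(s), cleaned %d" % (found, cleaned))
    if eset.get("archives_checked") != "true":  # assumed reviewer check
        warnings.append("ESET: archives were not scanned")
    return problems, warnings
```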

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Any redirects?
  • 0

#11
appletude

appletude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
None.

Performed small cleanup tasks and everything seemed normal. I cannot thank you enough. Let me know if we are finished, though.

Thanks.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot; if so, click YES

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process. If so, choose Yes

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience and for performing all of the procedures requested.
  • 0