PC infected


This topic is locked

#1 LukeMcD (Member, 102 posts)
I was browsing the web and I am very cautious with viruses etc.

My anti-virus then tells me that it has found infected files; the number of infected files keeps increasing, up to about 55.

I choose "clean" and it says it has fixed it, but now I have to do this now and again as it will say a couple of files are infected.

Please help? I am not sure if my computer is still infected or not.

EDIT: Just restarted my PC and Internet Explorer opened up on its own. It only took me to Google, but I'm guessing this could be the start of pop-ups etc., and I cannot access the AVG and Malwarebytes Anti-Malware websites.

Edited by LukeMcD, 20 November 2011 - 06:01 AM.

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's see what you have... Both programmes are attached as zips, just in case you cannot access those sites :)

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.
[attachment=53753:aswMBR.zip]

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
[attachment=53754:OTL.zip]
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3 LukeMcD (Topic Starter, Member, 102 posts)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 12:39:24
-----------------------------
12:39:24.453 OS Version: Windows 5.1.2600 Service Pack 3
12:39:24.453 Number of processors: 2 586 0x170A
12:39:24.453 ComputerName: LUKE-PC UserName: Luke
12:39:25.218 Initialize success
12:39:35.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:39:35.156 Disk 0 Vendor: STM3500418AS CC37 Size: 476938MB BusType: 3
12:39:37.187 Disk 0 MBR read successfully
12:39:37.187 Disk 0 MBR scan
12:39:37.187 Disk 0 Windows XP default MBR code
12:39:37.187 Disk 0 scanning sectors +976752000
12:39:37.281 Disk 0 scanning C:\WINDOWS\system32\drivers
12:39:44.250 Service scanning
12:39:44.796 Service MpKsl5719d834 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl5719d834.sys **LOCKED** 32
12:39:44.906 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:39:45.484 Modules scanning
12:40:04.843 Disk 0 trace - called modules:
12:40:04.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzq.sys >>UNKNOWN [0x8ae3a938]<<
12:40:04.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad54ab8]
12:40:04.859 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8add49e8]
12:40:04.859 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8adec940]
12:40:04.859 Scan finished successfully
12:40:27.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Luke\Desktop\MBR.dat"
12:40:27.046 The log file has been saved successfully to "C:\Documents and Settings\Luke\Desktop\aswMBR.txt"




OTL logfile created on: 20/11/2011 12:41:27 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Luke\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.49% Memory free
4.84 Gb Paging File | 4.15 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 320.06 Gb Free Space | 68.72% Space Free | Partition Type: NTFS

Computer Name: LUKE-PC | User Name: Luke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 12:08:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
PRC - [2011/11/19 18:13:15 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Luke\Application Data\Spotify\spotify.exe
PRC - [2011/11/09 17:27:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\avtools\mbamservice.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/13 07:36:35 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 17:27:03 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/11 08:17:53 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/27 16:37:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/01/14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
MOD - [2004/08/10 07:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\avtools\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/13 17:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005/01/14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/20 12:25:22 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl5719d834.sys -- (MpKsl5719d834)
DRV - [2011/11/20 12:03:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsld181c6cf.sys -- (MpKsld181c6cf)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/18 11:10:56 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011/04/14 11:43:14 | 000,812,448 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2010/11/23 07:33:10 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/11/21 20:10:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/22 12:39:54 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/12/01 14:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/06/17 16:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 16:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 16:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 16:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/03/27 06:33:42 | 000,130,816 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/20 10:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/14 10:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/19 12:07:03 | 000,013,184 | ---- | M] (Xponaut) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpntwbd.sys -- (Xponaut_WBD) Xponaut WaveBridge Device (WDM)
DRV - [2005/02/24 11:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [1999/04/09 15:17:32 | 000,021,840 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cxlpt.sys -- (CxLPT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "iUserbar new Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53414
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Luke\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Luke\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 20:19:53 | 000,000,000 | ---D | M]

[2010/02/15 15:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Extensions
[2010/02/15 15:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Extensions\[email protected]
[2011/11/19 09:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions
[2011/11/19 09:20:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/10 14:56:55 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions\[email protected]
[2011/02/26 11:11:05 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\searchplugins\torrentz-search.xml
[2011/11/10 10:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LUKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UFEH6P3V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LUKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UFEH6P3V.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2010/06/05 19:55:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/12/01 15:49:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/09 17:27:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/05 19:55:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2011/11/15 14:38:33 | 000,609,176 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[dialer.aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[tracking.cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[tracking.cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16077 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003..\Run: [PhjGagdm] C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DED1C4A6-F789-43E5-8347-BC4EA2B315A1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe) -C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/28 15:24:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell - "" = AutoRun
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 12:39:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
[2011/11/20 12:38:35 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Luke\Desktop\aswMBR.exe
[2011/11/20 11:51:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Luke\Recent
[2011/11/20 11:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv
[2011/11/14 20:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/14 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/31 20:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/31 20:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/21 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/05 20:36:54 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 12:40:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\MBR.dat
[2011/11/20 12:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 12:33:29 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 12:30:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003UA.job
[2011/11/20 12:25:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 12:25:16 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 12:08:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
[2011/11/20 12:07:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Luke\Desktop\aswMBR.exe
[2011/11/19 18:30:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003Core.job
[2011/11/18 09:34:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 20:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 09:09:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\MARTIN OWES £10
[2011/11/02 16:10:00 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Luke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 20:18:23 | 000,000,290 | RHS- | M] () -- C:\boot.ini
[2011/10/30 15:51:02 | 000,436,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 15:51:02 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 12:40:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\MBR.dat
[2011/11/09 09:09:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\MARTIN OWES £10
[2011/08/25 09:44:18 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Luke\Local Settings\Application Data\WebpageIcons.db
[2011/07/22 19:10:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2011/02/21 09:41:34 | 000,110,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/18 21:37:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/25 15:15:12 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/19 12:24:08 | 000,241,428 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/19 12:24:05 | 000,241,428 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/19 12:24:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/15 19:53:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\Adobe PNG Format CS5 Prefs
[2010/10/20 19:05:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 13:11:59 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/08/26 13:25:27 | 000,063,392 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/24 12:19:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/02 17:18:19 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mtkjpeg.dll
[2010/06/29 11:27:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/05 14:21:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/05 14:21:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 17:25:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/06/02 20:54:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/06 15:46:52 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/04/13 08:57:01 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
[2010/04/13 08:57:01 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2010/03/11 08:19:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/11 08:17:53 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/11 08:17:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/07 14:09:38 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2010/01/06 16:48:46 | 000,000,152 | ---- | C] () -- C:\WINDOWS\INpact_CSS_Hud_tweaker_1.19.INI
[2009/12/21 20:18:36 | 001,519,429 | ---- | C] () -- C:\WINDOWS\Registry Fix for CAL GUI Uninstaller.exe
[2009/12/21 15:44:04 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\Luke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 11:25:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/29 21:30:48 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/29 21:30:48 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\PnkBstrK.sys
[2009/11/29 21:30:26 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/29 21:30:25 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/11/29 21:30:25 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/28 23:07:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/28 23:04:59 | 003,593,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 17:56:57 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/28 17:23:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/28 15:38:19 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/11/28 15:25:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 15:21:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/03 03:11:18 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/03 03:11:18 | 000,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005/02/24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/11/22 12:48:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\98Setup.exe
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,436,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/21 16:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2009/12/17 19:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 18:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/04/26 18:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2011/02/26 21:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2010/08/29 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/03/23 22:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/11 21:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/04/07 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/25 16:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/04/26 17:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/03/31 19:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/25 15:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/31 15:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/07/24 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/12/11 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonoma Wire Works
[2010/10/10 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/19 13:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/05/21 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/02 21:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\.minecraft
[2010/07/25 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\AnvSoft
[2011/07/08 13:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Avnex
[2011/03/31 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/14 14:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\coupons
[2010/10/02 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\DonationCoder
[2010/05/15 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\eBookPro6
[2010/06/23 11:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Facebook
[2009/12/20 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\FileZilla
[2011/04/01 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\FrostWire
[2010/03/24 16:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GetRightToGo
[2010/10/02 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GrabPro
[2011/06/12 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Guitar Pro 6
[2010/06/11 16:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GZero
[2010/01/30 16:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\id Software
[2011/05/24 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\InfraRecorder
[2011/05/21 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\KLUTCH
[2010/04/30 15:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Leadertech
[2011/03/20 08:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ManyCam
[2011/10/08 16:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Mumble
[2011/02/09 21:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Notepad++
[2009/11/28 17:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\OpenOffice.org
[2010/10/02 15:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Orbit
[2010/02/25 16:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\PACE Anti-Piracy
[2010/03/11 08:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\pdf995
[2010/10/02 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ProgSense
[2011/01/02 16:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Rainmeter
[2010/08/26 13:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Regensoft
[2011/02/18 11:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Research In Motion
[2010/05/28 14:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Screaming Bee
[2010/08/25 12:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\shockvoice
[2011/05/31 12:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Sony
[2011/11/20 12:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Spotify
[2010/01/03 12:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Sytexis Software
[2011/05/07 12:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\TeamViewer
[2011/08/11 08:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\TS3Client
[2011/11/14 12:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\uTorrent
[2010/04/13 09:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ViGlance
[2010/09/04 13:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\VOIPlay
[2010/12/26 12:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\WeGame
[2011/03/18 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Xilisoft
[2011/11/19 18:30:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003Core.job
[2011/11/20 12:30:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003UA.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Can't see the extras.txt file anywhere, mate.
  • 0
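
The MD5 custom scan in the OTL log above lists every copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe that OTL found, so the helper can see whether the live copy still matches the Service Pack backup. As an added example (not OTL's code, nor anything posted in this thread), the Python below parses those blocks and does that comparison automatically, treating the ServicePackFiles\i386 copy as the reference and ignoring the pre-SP copy under $NtServicePackUninstall$, which legitimately differs. The EXPLORER.EXE and USERINIT.EXE blocks are copied from the log; the NOTEPAD.EXE block and its hashes are constructed to show what a mismatch looks like.

```python
import re

# Constructed sample: the EXPLORER.EXE and USERINIT.EXE blocks are copied from the
# OTL log in this thread; the NOTEPAD.EXE block and its hashes are made up to
# show a live copy whose hash no longer matches the Service Pack reference copy.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: NOTEPAD.EXE >
[2008/04/14 00:12:30 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\notepad.exe
[2011/11/20 11:42:01 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\notepad.exe
"""

# One "< MD5 for: NAME >" header per block, then one OTL file line per copy found.
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attr>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# The copy OTL reports under ServicePackFiles\i386 is the SP3 file as shipped;
# the copy under $NtServicePackUninstall$ is the pre-SP3 file and differs anyway.
REFERENCE_DIR = r"\servicepackfiles\i386\ "[:-1].lower()
PRE_SP_DIR = r"\$ntservicepackuninstall$\ "[:-1].lower()
NO_REFERENCE = "no reference copy"


def parse_md5_sections(text):
    """Map each lower-cased file name to a list of (path, MD5) pairs."""
    sections = {}
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current] = []
            continue
        entry = LINE_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("path"), entry.group("md5").upper()))
    return sections


def find_mismatches(sections):
    """Return (name, path, md5) for every copy whose hash differs from the
    ServicePackFiles reference copy, or (name, None, NO_REFERENCE) when no
    reference copy was listed so the block cannot be judged."""
    findings = []
    for name, entries in sections.items():
        reference = [md5 for path, md5 in entries if REFERENCE_DIR in path.lower()]
        if not reference:
            findings.append((name, None, NO_REFERENCE))
            continue
        for path, md5 in entries:
            if PRE_SP_DIR in path.lower():
                continue  # pre-service-pack backup, expected to differ
            if md5 != reference[0]:
                findings.append((name, path, md5))
    return findings


def check_log(text):
    return find_mismatches(parse_md5_sections(text))


if __name__ == "__main__":
    for name, path, detail in check_log(SAMPLE_LOG):
        print(f"{name}: {path or '(no copies compared)'} -> {detail}")
```

A block where every copy matches (explorer.exe, userinit.exe above) produces no finding; a matching hash only says the file equals the SP backup, so a mismatch is a lead to investigate, not proof of infection.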

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, could you try to access some antivirus sites please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 53414
    FF - prefs.js..network.proxy.type: 4
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-1957994488-1547161642-839522115-1003..\Run: [PhjGagdm] C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe) -C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe File not found
    [2011/11/20 11:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0
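
The fix above removes, among other things, a Firefox proxy pointing at 127.0.0.1:53414 and a Winlogon UserInit entry pointing into Local Settings\Application Data, which is how the AV and MBAM sites were being blocked and how the dropped file was being relaunched at logon. As an added example (not from this thread and not OTL's code), the Python below shows how a defender can check for both in a saved copy of prefs.js and in an exported UserInit value; the sample prefs.js and the UserInit string are constructed from the values in the fix, and the expected userinit.exe path is the Windows XP default.

```python
import re
from ipaddress import ip_address

# Constructed sample prefs.js containing the proxy values the OTL fix removed.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 53414);
user_pref("network.proxy.type", 4);
"""

# Constructed UserInit value: the XP default with the path from the fix appended,
# the usual shape of a hijacked Winlogon UserInit entry.
SAMPLE_USERINIT = (
    r"C:\WINDOWS\system32\userinit.exe,"
    r"C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe,"
)

# Default HKLM\...\Winlogon\UserInit on Windows XP (compared case-insensitively).
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);$')


def parse_prefs(text):
    """Return {key: value} for user_pref() lines; strings, ints and bools are decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("val")
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        elif raw.lstrip("-").isdigit():
            value = int(raw)
        else:
            value = raw
        prefs[m.group("key")] = value
    return prefs


def is_loopback(host):
    """True for localhost or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def audit_proxy(prefs):
    """Flag every proxy scheme that routes the browser through the local machine;
    a loopback proxy lets a process on the host filter or block sites."""
    findings = []
    proxy_type = prefs.get("network.proxy.type", 0)
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if isinstance(host, str) and is_loopback(host):
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            findings.append(f"network.proxy.{scheme} = {host}:{port} (proxy type {proxy_type})")
    return findings


def audit_userinit(value, expected=DEFAULT_USERINIT):
    """Return every comma-separated UserInit entry other than the expected one."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected.lower()]


if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS)):
        print("proxy:", finding)
    for extra in audit_userinit(SAMPLE_USERINIT):
        print("unexpected UserInit entry:", extra)
```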

#5
LukeMcD

LukeMcD

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 53414 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PhjGagdm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe deleted successfully.
C:\Documents and Settings\Luke\Local Settings\Application Data\hbrtpdtv folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Luke\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Luke\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Luke
->Temp folder emptied: 3325832 bytes
->Temporary Internet Files folder emptied: 8632466 bytes
->Java cache emptied: 31562532 bytes
->FireFox cache emptied: 72241874 bytes
->Google Chrome cache emptied: 6406750 bytes
->Flash cache emptied: 1081897 bytes
 
User: NetworkService
->Temp folder emptied: 2382090 bytes
->Temporary Internet Files folder emptied: 47408517 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6910986 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 150574459 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 315.00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.31.0 log created on 11202011_135014

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/11/2011 14:07:51
mbam-log-2011-11-20 (14-07-51).txt

Scan type: Quick scan
Objects scanned: 177058
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\internet explorer\PLUGINS\npqtplugin4.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin5.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin6.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin7.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin2.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin3.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin4.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin5.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin6.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin7.dll (Virus.Ramnit) -> Quarantined and deleted successfully.

Still can't get on the MBAM site or the AVG one.

Edited by LukeMcD, 20 November 2011 - 08:15 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is that trying with both IE and Firefox?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks, and also install the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#7
LukeMcD

LukeMcD

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
For both IE and Firefox it won't let me access such sites; I had to download the programs in your last post from my brother's laptop and transfer them over.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000003d

Kernel Drivers (total 134):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB80A8000 aldspyau.sys
  0xB7EB4000 spdm.sys
  0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
  0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xB7E6E000 ACPI.sys
  0xB7E5D000 pci.sys
  0xB80B8000 isapnp.sys
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB80C8000 MountMgr.sys
  0xB7E3E000 ftdisk.sys
  0xB85AC000 dmload.sys
  0xB7E18000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80D8000 VolSnap.sys
  0xB7E00000 atapi.sys
  0xB80E8000 disk.sys
  0xB80F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7DE0000 fltmgr.sys
  0xB7DCE000 sr.sys
  0xB7DB0000 TPkd.sys
  0xB7D99000 KSecDD.sys
  0xB7D0C000 Ntfs.sys
  0xB7CDF000 NDIS.sys
  0xB7CC5000 Mup.sys
  0xB74FF000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB6A54000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB6A40000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB6A18000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB69F8000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0xB8420000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB69D4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8428000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB8430000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB74EF000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB7C95000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB69C0000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB74DF000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB74CF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB74BF000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB699D000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB8438000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xB8440000 \SystemRoot\system32\DRIVERS\ManyCam.sys
  0xB74AF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0xB87E6000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB85D8000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xB8448000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB749F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB7C8D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB6986000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB8450000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB6975000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8458000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8460000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB8188000 \SystemRoot\system32\DRIVERS\ESLvnic.sys
  0xB8468000 \SystemRoot\system32\DRIVERS\RimSerial.sys
  0xB6945000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB8198000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB8470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB8478000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB85DA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB68E7000 \SystemRoot\system32\DRIVERS\update.sys
  0xB73A6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB81B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB3F5C000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xB3F38000 \SystemRoot\system32\drivers\portcls.sys
  0xB81C8000 \SystemRoot\system32\drivers\drmk.sys
  0xB81D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB85E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB8480000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xB2D61000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0xB2D39000 \SystemRoot\system32\DRIVERS\pfc027.sys
  0xB85F0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB86F2000 \SystemRoot\System32\Drivers\Null.SYS
  0xB85F2000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB84B0000 \SystemRoot\System32\drivers\vga.sys
  0xB85F4000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB85F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB8340000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8348000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB7C99000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB2D06000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB2CAD000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB2C85000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB2C63000 \SystemRoot\System32\drivers\afd.sys
  0xB8208000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB2C38000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB2BC8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB2BA2000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB8370000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB8218000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB8228000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB8378000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0xB8238000 \SystemRoot\System32\Drivers\WDFLDR.SYS
  0xB2B09000 \SystemRoot\System32\Drivers\wdf01000.sys
  0xB445D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB8248000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB8380000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0xB4459000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB8388000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0xB2A50000 \SystemRoot\System32\Drivers\RimUsb.sys
  0xB8390000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xB8278000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB2E30000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xB2A38000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB85F8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB2E1C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB8398000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB8764000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD623000 \SystemRoot\System32\ATMFD.DLL
  0xB1C0D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8618000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB861A000 \SystemRoot\System32\Drivers\TBPanel.SYS
  0xB83D8000 \SystemRoot\System32\Drivers\CxLPT.SYS
  0xB1968000 \??\C:\WINDOWS\system32\drivers\ESLWireACD.sys
  0xB8729000 \SystemRoot\System32\Drivers\LBeepKE.sys
  0xB8410000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl52b8d859.sys
  0xB14CB000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB1760000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB0F3C000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB0D88000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xAFC45000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
       0 System Idle Process
       4 System
     824 C:\WINDOWS\system32\smss.exe
     872 C:\WINDOWS\system32\csrss.exe
     904 C:\WINDOWS\system32\winlogon.exe
     948 C:\WINDOWS\system32\services.exe
     960 C:\WINDOWS\system32\lsass.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1188 C:\WINDOWS\system32\svchost.exe
    1332 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1368 C:\WINDOWS\system32\svchost.exe
    1420 C:\WINDOWS\system32\svchost.exe
    1560 C:\WINDOWS\system32\spoolsv.exe
    1672 C:\WINDOWS\system32\svchost.exe
    1812 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1852 C:\WINDOWS\ehome\ehRecvr.exe
    1892 C:\WINDOWS\ehome\ehSched.exe
    1944 C:\WINDOWS\system32\PAStiSvc.exe
    2000 C:\WINDOWS\system32\svchost.exe
     644 C:\WINDOWS\system32\dllhost.exe
     800 C:\WINDOWS\system32\alg.exe
    2264 C:\WINDOWS\explorer.exe
    2592 C:\WINDOWS\system32\svchost.exe
    2656 C:\WINDOWS\system32\svchost.exe
    3640 C:\WINDOWS\system32\svchost.exe
    3916 C:\Program Files\Microsoft Security Client\msseces.exe
    3940 C:\Program Files\iTunes\iTunesHelper.exe
    3972 C:\WINDOWS\system32\ctfmon.exe
    2072 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    2344 C:\Program Files\iPod\bin\iPodService.exe
    2728 C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
     208 C:\Program Files\Mozilla Firefox\firefox.exe
    3784 C:\Program Files\Mozilla Firefox\plugin-container.exe
     620 C:\WINDOWS\system32\svchost.exe
    3852 C:\Documents and Settings\Luke\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: STM3500418AS, Rev: CC37    

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Combofix:

ComboFix 11-11-20.01 - Luke 20/11/2011  15:03:49.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3070.2236 [GMT 0:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Luke\Local Settings\Application Data\dxkxjsss.log
c:\documents and settings\Luke\Local Settings\Application Data\fqevhtxc.log
c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe
c:\documents and settings\Luke\Local Settings\Application Data\jftljdua.log
c:\documents and settings\Luke\Local Settings\Application Data\rkhdlamm.log
c:\documents and settings\Luke\Local Settings\Application Data\ryqltcpi.log
c:\documents and settings\Luke\Local Settings\Application Data\yrhsdxyd.log
c:\windows\CSC\d6
c:\windows\IsUn0804.exe
c:\windows\system32\scrnrdr.exe
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\vi.sif
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-20 to 2011-11-20  )))))))))))))))))))))))))))))))
.
.
2011-11-20 15:13 . 2011-11-20 15:13	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl47a44122.sys
2011-11-20 15:13 . 2011-11-20 15:13	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\offreg.dll
2011-11-20 15:01 . 2011-11-20 15:01	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl7bdf0480.sys
2011-11-20 14:10 . 2011-11-20 14:10	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl52b8d859.sys
2011-11-20 13:53 . 2011-11-20 15:14	--------	d-----w-	c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv
2011-11-20 13:40 . 2011-11-20 13:40	--------	d-----w-	C:\_OTL
2011-11-20 12:03 . 2011-11-20 12:03	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsld181c6cf.sys
2011-11-19 18:00 . 2011-10-07 03:48	6668624	------w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\mpengine.dll
2011-11-14 20:17 . 2011-11-14 20:17	--------	d-----w-	c:\program files\iPod
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-10-31 20:19 . 2011-10-31 20:19	--------	d-----w-	c:\program files\QuickTime
2011-10-24 14:29 . 2011-10-24 14:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-21 17:04 . 2011-10-21 17:04	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 07:36 . 2011-05-24 10:26	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-11-28 15:22	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-06-04 21:57	6668624	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-10 07:00	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 19:59	611328	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-10 07:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-10 07:00	20480	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 07:00	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-08-31 17:00 . 2010-06-03 17:09	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-10 07:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 07:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 07:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-06-05 20:36 . 2010-06-05 20:36	50688	----a-w-	c:\program files\ATF-Cleaner.exe
2011-11-09 17:27 . 2011-03-27 08:29	134104	------w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhjGagdm"="c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe" [2011-11-20 112274]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Luke\Start Menu\Programs\Startup\
phjgagdm.exe [2011-11-20 112274]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-28 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv\phjgagdm.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	------w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [/COLOR]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 01:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	------w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 04:04	59392	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2011-05-16 12:02	2759680	----a-w-	c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-02 17:25	137536	----atw-	c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 15:43	2181672	----a-w-	c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 00:24	421736	------w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 17:00	449608	----a-w-	c:\program files\avtools\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 12:05	13851752	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 19:25	81920	----a-w-	c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 12:05	110696	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 00:12	1753192	----a-w-	c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37	18084864	----a-w-	c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 11:50	1242448	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9emc"=2 (0x2)
"ES lite Service"=2 (0x2)
"idsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"NIHardwareService"=2 (0x2)
"GoToAssist"=3 (0x3)
"nvsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"gupdate"=2 (0x2)
"SwitchBoard"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"LBTServ"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MsMpSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gupdatem"=3 (0x3)
"Futuremark SystemInfo Service"=3 (0x3)
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Gigabyte\\EasySaver\\UpdExe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\Files\\hl2.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike CS 1.6 p47\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Luke\\My Documents\\EasyAntiCheat.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Documents and Settings\\Luke\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Luke\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\counter-strike source\\hl2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/11/2010 20:10 691696]
R1 MpKsl47a44122;MpKsl47a44122;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl47a44122.sys [20/11/2011 15:13 28752]
R1 MpKsl52b8d859;MpKsl52b8d859;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl52b8d859.sys [20/11/2011 14:10 28752]
R1 MpKsl7bdf0480;MpKsl7bdf0480;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl7bdf0480.sys [20/11/2011 15:01 28752]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [26/04/2011 18:42 812448]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [28/07/2010 12:05 10384]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [15/06/2010 16:18 24504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 10:06 21632]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11:29 162176]
S1 MpKsl00c2d549;MpKsl00c2d549;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B92A6A4-A384-4B98-B5C5-9B5CE8CBE549}\MpKsl00c2d549.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B92A6A4-A384-4B98-B5C5-9B5CE8CBE549}\MpKsl00c2d549.sys [?]
S1 MpKsl0d695580;MpKsl0d695580;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD0E57-E1C9-4515-9791-213C545EEBA0}\MpKsl0d695580.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD0E57-E1C9-4515-9791-213C545EEBA0}\MpKsl0d695580.sys [?]
S1 MpKsl17749a49;MpKsl17749a49;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8909F0E7-9B7D-41E8-9C91-4ED81F4E06A2}\MpKsl17749a49.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8909F0E7-9B7D-41E8-9C91-4ED81F4E06A2}\MpKsl17749a49.sys [?]
S1 MpKsl179b2631;MpKsl179b2631;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A251ED5-FC02-48A7-B895-3856AECBACCC}\MpKsl179b2631.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A251ED5-FC02-48A7-B895-3856AECBACCC}\MpKsl179b2631.sys [?]
S1 MpKsl267a0e02;MpKsl267a0e02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C9AED3C-B071-4FB2-97B2-DB40E055F903}\MpKsl267a0e02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C9AED3C-B071-4FB2-97B2-DB40E055F903}\MpKsl267a0e02.sys [?]
S1 MpKsl324be67f;MpKsl324be67f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D19512-BC21-43F9-88A6-7EDF3FC724EA}\MpKsl324be67f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D19512-BC21-43F9-88A6-7EDF3FC724EA}\MpKsl324be67f.sys [?]
S1 MpKsl67ec0ac3;MpKsl67ec0ac3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFDAD207-B16C-4C85-AD32-42FF9EEB11BF}\MpKsl67ec0ac3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFDAD207-B16C-4C85-AD32-42FF9EEB11BF}\MpKsl67ec0ac3.sys [?]
S1 MpKsl7a394dd8;MpKsl7a394dd8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9745229F-945A-4766-AF55-056C426EB9F6}\MpKsl7a394dd8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9745229F-945A-4766-AF55-056C426EB9F6}\MpKsl7a394dd8.sys [?]
S1 MpKsl7b6f8baf;MpKsl7b6f8baf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B0DDB2-511D-4597-BFE4-F1B8C80971EA}\MpKsl7b6f8baf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B0DDB2-511D-4597-BFE4-F1B8C80971EA}\MpKsl7b6f8baf.sys [?]
S1 MpKsl89c2937f;MpKsl89c2937f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4B132-0D36-4C13-869B-5F21C1DD3230}\MpKsl89c2937f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4B132-0D36-4C13-869B-5F21C1DD3230}\MpKsl89c2937f.sys [?]
S1 MpKsl907d3de4;MpKsl907d3de4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEF721ED-6794-42F3-8B85-7374447906F1}\MpKsl907d3de4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEF721ED-6794-42F3-8B85-7374447906F1}\MpKsl907d3de4.sys [?]
S1 MpKsl9242fa22;MpKsl9242fa22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12330854-4B6B-4F59-B8F2-FF35B25A65E3}\MpKsl9242fa22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12330854-4B6B-4F59-B8F2-FF35B25A65E3}\MpKsl9242fa22.sys [?]
S1 MpKsla5fbc918;MpKsla5fbc918;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7122FF2-6BE4-4BD9-BCED-B9E0DEFCF2DA}\MpKsla5fbc918.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7122FF2-6BE4-4BD9-BCED-B9E0DEFCF2DA}\MpKsla5fbc918.sys [?]
S1 MpKslc782cd0a;MpKslc782cd0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKslc782cd0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKslc782cd0a.sys [?]
S1 MpKsld181c6cf;MpKsld181c6cf;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsld181c6cf.sys [20/11/2011 12:03 28752]
S1 MpKsld86a48f5;MpKsld86a48f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsld86a48f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsld86a48f5.sys [?]
S1 MpKsldbb2022a;MpKsldbb2022a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC5AF520-6062-4257-80A4-89A8850E08F4}\MpKsldbb2022a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC5AF520-6062-4257-80A4-89A8850E08F4}\MpKsldbb2022a.sys [?]
S1 MpKsle0813d7a;MpKsle0813d7a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsle0813d7a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsle0813d7a.sys [?]
S1 MpKslea8937c0;MpKslea8937c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3909BD3A-0BA5-4317-8E9C-86E3DC906340}\MpKslea8937c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3909BD3A-0BA5-4317-8E9C-86E3DC906340}\MpKslea8937c0.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/06/2010 17:09 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/12/2009 14:49 34384]
S4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [28/11/2009 15:32 68136]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [28/04/2011 11:26 129440]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/08/2010 17:24 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/08/2010 17:24 136176]
S4 MBAMService;MBAMService;c:\program files\avtools\mbamservice.exe [03/06/2010 17:09 366152]
S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL47A44122
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-LUKE-PC-Luke.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-30 02:44]
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003Core.job
- c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:25]
.
2011-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003UA.job
- c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:25]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 17:24]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851561&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-conhost - c:\documents and settings\Luke\Application Data\Microsoft\conhost.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Spiceworks - c:\program files\Spiceworks\bin\spicetray_silent.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Luke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:82,2b,14,32,3c,f5,f0,71,ff,c9,ac,0b,07,ec,1c,9c,03,82,e2,e6,8e,
   6b,86,26,1a,6f,7f,fb,16,b2,00,0e,33,a1,14,25,4f,28,3d,6c,21,72,2f,87,fb,52,\
"rkeysecu"=hex:fc,87,3e,42,2c,41,75,b1,ea,24,b3,83,07,50,e5,09
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-11-20  15:19:21 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-20 15:19
.
Pre-Run: 340,221,702,144 bytes free
Post-Run: 340,078,616,576 bytes free
.
- - End Of File - - 57B6CB2775F7EEDCB0324C2CC126FB6B


#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK next phase now

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Luke\Start Menu\Programs\Startup\phjgagdm.exe

Folder::
c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhjGagdm"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#9
LukeMcD
    Member
  • Topic Starter
  • Member
  • 102 posts
ComboFix 11-11-20.01 - Luke 20/11/2011  15:40:22.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3070.2446 [GMT 0:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Luke\Start Menu\Programs\Startup\phjgagdm.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Luke\Local Settings\Application Data\dxkxjsss.log
c:\documents and settings\Luke\Local Settings\Application Data\fqevhtxc.log
c:\documents and settings\Luke\Local Settings\Application Data\hbrtpdtv
c:\documents and settings\Luke\Local Settings\Application Data\jftljdua.log
c:\documents and settings\Luke\Local Settings\Application Data\rkhdlamm.log
c:\documents and settings\Luke\Local Settings\Application Data\ryqltcpi.log
c:\documents and settings\Luke\Local Settings\Application Data\yrhsdxyd.log
c:\documents and settings\Luke\Start Menu\Programs\Startup\phjgagdm.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-20 to 2011-11-20  )))))))))))))))))))))))))))))))
.
.
2011-11-20 15:49 . 2011-11-20 15:49	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl8947e815.sys
2011-11-20 15:49 . 2011-11-20 15:49	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\offreg.dll
2011-11-20 15:39 . 2011-11-20 15:39	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl6eb43773.sys
2011-11-20 15:13 . 2011-11-20 15:13	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl47a44122.sys
2011-11-20 13:40 . 2011-11-20 13:40	--------	d-----w-	C:\_OTL
2011-11-20 12:03 . 2011-11-20 12:03	28752	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsld181c6cf.sys
2011-11-19 18:00 . 2011-10-07 03:48	6668624	------w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\mpengine.dll
2011-11-14 20:17 . 2011-11-14 20:17	--------	d-----w-	c:\program files\iPod
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-10-31 20:19 . 2011-10-31 20:19	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-10-31 20:19 . 2011-10-31 20:19	--------	d-----w-	c:\program files\QuickTime
2011-10-24 14:29 . 2011-10-24 14:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-21 17:04 . 2011-10-21 17:04	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 07:36 . 2011-05-24 10:26	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-11-28 15:22	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-06-04 21:57	6668624	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-10 07:00	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 19:59	611328	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-10 07:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-10 07:00	20480	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 07:00	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-08-31 17:00 . 2010-06-03 17:09	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-10 07:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 07:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 07:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-06-05 20:36 . 2010-06-05 20:36	50688	----a-w-	c:\program files\ATF-Cleaner.exe
2011-11-09 17:27 . 2011-03-27 08:29	134104	------w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-28 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	------w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Luke^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\documents and settings\Luke\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 01:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	------w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 04:04	59392	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2011-05-16 12:02	2759680	----a-w-	c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-02 17:25	137536	----atw-	c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 15:43	2181672	----a-w-	c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 00:24	421736	------w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 17:00	449608	----a-w-	c:\program files\avtools\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 12:05	13851752	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 19:25	81920	----a-w-	c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 12:05	110696	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-26 00:12	1753192	----a-w-	c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37	18084864	----a-w-	c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 11:50	1242448	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9emc"=2 (0x2)
"ES lite Service"=2 (0x2)
"idsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"NIHardwareService"=2 (0x2)
"GoToAssist"=3 (0x3)
"nvsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"gupdate"=2 (0x2)
"SwitchBoard"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"LBTServ"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MsMpSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gupdatem"=3 (0x3)
"Futuremark SystemInfo Service"=3 (0x3)
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Gigabyte\\EasySaver\\UpdExe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\Files\\hl2.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike CS 1.6 p47\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Luke\\My Documents\\EasyAntiCheat.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Documents and Settings\\Luke\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Luke\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\fpsa_joe\\counter-strike source\\hl2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/11/2010 20:10 691696]
R1 MpKsl47a44122;MpKsl47a44122;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl47a44122.sys [20/11/2011 15:13 28752]
R1 MpKsl6eb43773;MpKsl6eb43773;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl6eb43773.sys [20/11/2011 15:39 28752]
R1 MpKsl8947e815;MpKsl8947e815;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl8947e815.sys [20/11/2011 15:49 28752]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [26/04/2011 18:42 812448]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [28/07/2010 12:05 10384]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [15/06/2010 16:18 24504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 10:06 21632]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11:29 162176]
S1 MpKsl00c2d549;MpKsl00c2d549;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B92A6A4-A384-4B98-B5C5-9B5CE8CBE549}\MpKsl00c2d549.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B92A6A4-A384-4B98-B5C5-9B5CE8CBE549}\MpKsl00c2d549.sys [?]
S1 MpKsl0d695580;MpKsl0d695580;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD0E57-E1C9-4515-9791-213C545EEBA0}\MpKsl0d695580.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD0E57-E1C9-4515-9791-213C545EEBA0}\MpKsl0d695580.sys [?]
S1 MpKsl17749a49;MpKsl17749a49;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8909F0E7-9B7D-41E8-9C91-4ED81F4E06A2}\MpKsl17749a49.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8909F0E7-9B7D-41E8-9C91-4ED81F4E06A2}\MpKsl17749a49.sys [?]
S1 MpKsl179b2631;MpKsl179b2631;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A251ED5-FC02-48A7-B895-3856AECBACCC}\MpKsl179b2631.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A251ED5-FC02-48A7-B895-3856AECBACCC}\MpKsl179b2631.sys [?]
S1 MpKsl267a0e02;MpKsl267a0e02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C9AED3C-B071-4FB2-97B2-DB40E055F903}\MpKsl267a0e02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C9AED3C-B071-4FB2-97B2-DB40E055F903}\MpKsl267a0e02.sys [?]
S1 MpKsl324be67f;MpKsl324be67f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D19512-BC21-43F9-88A6-7EDF3FC724EA}\MpKsl324be67f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D19512-BC21-43F9-88A6-7EDF3FC724EA}\MpKsl324be67f.sys [?]
S1 MpKsl52b8d859;MpKsl52b8d859;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl52b8d859.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl52b8d859.sys [?]
S1 MpKsl67ec0ac3;MpKsl67ec0ac3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFDAD207-B16C-4C85-AD32-42FF9EEB11BF}\MpKsl67ec0ac3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFDAD207-B16C-4C85-AD32-42FF9EEB11BF}\MpKsl67ec0ac3.sys [?]
S1 MpKsl7a394dd8;MpKsl7a394dd8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9745229F-945A-4766-AF55-056C426EB9F6}\MpKsl7a394dd8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9745229F-945A-4766-AF55-056C426EB9F6}\MpKsl7a394dd8.sys [?]
S1 MpKsl7b6f8baf;MpKsl7b6f8baf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B0DDB2-511D-4597-BFE4-F1B8C80971EA}\MpKsl7b6f8baf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9B0DDB2-511D-4597-BFE4-F1B8C80971EA}\MpKsl7b6f8baf.sys [?]
S1 MpKsl7bdf0480;MpKsl7bdf0480;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl7bdf0480.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsl7bdf0480.sys [?]
S1 MpKsl89c2937f;MpKsl89c2937f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4B132-0D36-4C13-869B-5F21C1DD3230}\MpKsl89c2937f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F4B132-0D36-4C13-869B-5F21C1DD3230}\MpKsl89c2937f.sys [?]
S1 MpKsl907d3de4;MpKsl907d3de4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEF721ED-6794-42F3-8B85-7374447906F1}\MpKsl907d3de4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEF721ED-6794-42F3-8B85-7374447906F1}\MpKsl907d3de4.sys [?]
S1 MpKsl9242fa22;MpKsl9242fa22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12330854-4B6B-4F59-B8F2-FF35B25A65E3}\MpKsl9242fa22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12330854-4B6B-4F59-B8F2-FF35B25A65E3}\MpKsl9242fa22.sys [?]
S1 MpKsla2a642b2;MpKsla2a642b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsla2a642b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsla2a642b2.sys [?]
S1 MpKsla5fbc918;MpKsla5fbc918;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7122FF2-6BE4-4BD9-BCED-B9E0DEFCF2DA}\MpKsla5fbc918.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7122FF2-6BE4-4BD9-BCED-B9E0DEFCF2DA}\MpKsla5fbc918.sys [?]
S1 MpKslc782cd0a;MpKslc782cd0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKslc782cd0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKslc782cd0a.sys [?]
S1 MpKsld181c6cf;MpKsld181c6cf;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E25B2A99-6F79-4F18-B99A-1DEFADC711DE}\MpKsld181c6cf.sys [20/11/2011 12:03 28752]
S1 MpKsld86a48f5;MpKsld86a48f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsld86a48f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsld86a48f5.sys [?]
S1 MpKsldbb2022a;MpKsldbb2022a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC5AF520-6062-4257-80A4-89A8850E08F4}\MpKsldbb2022a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC5AF520-6062-4257-80A4-89A8850E08F4}\MpKsldbb2022a.sys [?]
S1 MpKsle0813d7a;MpKsle0813d7a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsle0813d7a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1C243C9-245A-439E-B7D5-4DA2019FB552}\MpKsle0813d7a.sys [?]
S1 MpKslea8937c0;MpKslea8937c0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3909BD3A-0BA5-4317-8E9C-86E3DC906340}\MpKslea8937c0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3909BD3A-0BA5-4317-8E9C-86E3DC906340}\MpKslea8937c0.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/06/2010 17:09 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/12/2009 14:49 34384]
S4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [28/11/2009 15:32 68136]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [28/04/2011 11:26 129440]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/08/2010 17:24 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/08/2010 17:24 136176]
S4 MBAMService;MBAMService;c:\program files\avtools\mbamservice.exe [03/06/2010 17:09 366152]
S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8947E815
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-LUKE-PC-Luke.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-30 02:44]
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003Core.job
- c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:25]
.
2011-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1547161642-839522115-1003UA.job
- c:\documents and settings\Luke\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-02 17:25]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 17:24]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851561&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:82,2b,14,32,3c,f5,f0,71,ff,c9,ac,0b,07,ec,1c,9c,03,82,e2,e6,8e,
   6b,86,26,1a,6f,7f,fb,16,b2,00,0e,33,a1,14,25,4f,28,3d,6c,21,72,2f,87,fb,52,\
"rkeysecu"=hex:fc,87,3e,42,2c,41,75,b1,ea,24,b3,83,07,50,e5,09
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-11-20  15:54:21 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-20 15:54
ComboFix2.txt  2011-11-20 15:19
.
Pre-Run: 340,022,599,680 bytes free
Post-Run: 340,000,239,616 bytes free
.
- - End Of File - - 1E1F051F7BF36A228458D77187C458E6


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try to update MBAM please?
  • 0

#11
LukeMcD

LukeMcD

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Updated, and I can access the site. Is everything gone or is there more? Thanks a lot so far, much appreciated.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the Malwarebytes log when it has completed and let me know of any outstanding problems.

Also, could you confirm that Windows Update works?
  • 0

#13
LukeMcD

LukeMcD

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Didn't realise you wanted another MBAM scan; here it is:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/11/2011 16:45:40
mbam-log-2011-11-20 (16-45-40).txt

Scan type: Quick scan
Objects scanned: 177237
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I don't seem to be having any problems with windows update.

Microsoft Security Essentials still has 1 detected threat but mbam didn't catch anything.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is MSE detecting? Does it give a file name/location?

Is everything else OK before I remove my tools and tidy up?
  • 0

#15
LukeMcD

LukeMcD

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
win32.ramnit.af

I can't see any other problems and it hasn't been popping up lots asking me to clean it, so maybe it's gone.

Edited by LukeMcD, 20 November 2011 - 11:01 AM.

  • 0
