WIN32.TDSS.rtk infection [Solved]


  • This topic is locked This topic is locked

#1 NickH (Member, 36 posts)

Having followed the steps laid out in the Malware & Spyware Cleaning Guide, I'm hoping one of you good people can help me here. SpyBot spotted this thing but clearly can't remove it. The logs requested are posted below - thanks in anticipation, Nick

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 20:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF77AB000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF773C000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7BA7000 Size: 11648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF3236000 Size: 138496 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7C8F000 Size: 5248 File Visible: - Signed: -
Status: -

Name: amdk7.sys
Image Path: C:\WINDOWS\System32\DRIVERS\amdk7.sys
Address: 0xF799B000 Size: 37760 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF76D6000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0B000 Size: 229376 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 221184 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF67FA000 Size: 815104 File Visible: - Signed: -
Status: -

Name: ati3d1ag.dll
Image Path: C:\WINDOWS\System32\ati3d1ag.dll
Address: 0xBFA43000 Size: 872448 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7DA9000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF7BA3000 Size: 16384 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7B9B000 Size: 12288 File Visible: - Signed: -
Status: -

Name: caliaud.sys
Image Path: C:\WINDOWS\system32\drivers\caliaud.sys
Address: 0xF673E000 Size: 291328 File Visible: - Signed: -
Status: -

Name: calihal.sys
Image Path: C:\WINDOWS\system32\drivers\calihal.sys
Address: 0xF6786000 Size: 244608 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF01E9000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF79FB000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF77EB000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xF7C87000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7B9F000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF77DB000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DP83815.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\DP83815.SYS
Address: 0xF7AD3000 Size: 18432 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF79BB000 Size: 61440 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF6333000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7EAF000 Size: 4096 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7AC3000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF785B000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7B6B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF76B6000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7D07000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF76EE000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF783B000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7B8B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF6506000 Size: 703232 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xF65B2000 Size: 1038208 File Visible: - Signed: -
Status: -

Name: HSFHWALI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
Address: 0xF66B0000 Size: 205696 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEF443000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF79CB000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF79EB000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ip6fw.sys
Image Path: C:\WINDOWS\system32\drivers\ip6fw.sys
Address: 0xF798B000 Size: 36608 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF32EB000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF33CA000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF778B000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7AB3000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7C8B000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEE8F7000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF66F7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF768D000 Size: 92928 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF77FB000 Size: 57472 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xEFF8F000 Size: 12672 File Visible: - Signed: -
Status: -

Name: mfeapfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeapfk.sys
Address: 0xEFEC7000 Size: 57376 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xF3CAA000 Size: 65280 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xF2145000 Size: 27168 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xEFD0F000 Size: 163424 File Visible: - Signed: -
Status: -

Name: mferkdk.sys
Image Path: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Address: 0xF7A4B000 Size: 24960 File Visible: - Signed: -
Status: -

Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xF797B000 Size: 45152 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7D09000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7ACB000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF7ABB000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF77BB000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xF02D9000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF3106000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A33000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF78CB000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7560000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF75A5000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF75D3000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7570000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xF047A000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF6498000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF6DF6000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF79AB000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF32C3000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A3B000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7600000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7E50000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF779B000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7D53000 Size: 4096 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF66E3000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7A13000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7D23000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF772B000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7A0B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF770D000 Size: 120192 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF671A000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF6487000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7AE3000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF780B000 Size: 37056 File Visible: - Signed: -
Status: -

Name: RapportKELL.sys
Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
Address: 0xF784B000 Size: 51968 File Visible: - Signed: -
Status: -

Name: RapportPG.sys
Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
Address: 0xF3176000 Size: 233728 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF68D5000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF789B000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF78AB000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF78BB000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7AEB000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF31B0000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7D0B000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF782B000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xF7CD3000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xEE922000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RT61.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys
Address: 0xF64AF000 Size: 352768 File Visible: - Signed: -
Status: -

Name: SCDEmu.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xF7A43000 Size: 30560 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7C7F000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF79DB000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF76A4000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF75BF000 Size: 81920 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xF0147000 Size: 333952 File Visible: - Signed: -
Status: -

Name: ss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ss.sys
Address: 0xF7AF3000 Size: 19968 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7CD5000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF2FDC000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF3371000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tcpip6.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Address: 0xF3339000 Size: 225856 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7ADB000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF78DB000 Size: 40704 File Visible: - Signed: -
Status: -

Name: truecrypt.sys
Image Path: C:\WINDOWS\System32\drivers\truecrypt.sys
Address: 0xF3203000 Size: 208512 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Address: 0xF7C7B000 Size: 12288 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF6429000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7CFD000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF790B000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF7AAB000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF67C2000 Size: 147456 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7B93000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF67E6000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF77CB000 Size: 52352 File Visible: - Signed: -
Status: -

Name: vsdatant.sys
Image Path: C:\WINDOWS\System32\vsdatant.sys
Address: 0xF3258000 Size: 438272 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF786B000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7B7B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEF6B2000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7C8D000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Malwarebytes' Anti-Malware 1.40
Database version: 2712
Windows 5.1.2600 Service Pack 3

29/08/2009 20:28:44
mbam-log-2009-08-29 (20-28-44).txt

Scan type: Quick Scan
Objects scanned: 110448
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kbiwkmhoymodqb.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmwtgenmod.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmxoyibqux.sys (Trojan.TDSS) -> Delete on reboot.

OTL logfile created on: 29/08/2009 20:11:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\Technical
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.48 Mb Total Physical Memory | 359.46 Mb Available Physical Memory | 35.43% Memory free
919.56 Mb Paging File | 387.72 Mb Available in Paging File | 42.16% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 4.81 Gb Free Space | 24.04% Space Free | Partition Type: NTFS
Drive D: | 17.25 Gb Total Space | 16.30 Gb Free Space | 94.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICHOLAS-8H08K5
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/05/15 18:27:50 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/16 01:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/06/29 12:43:25 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/23 09:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/07/25 06:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/20 11:52:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/06/29 14:23:32 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2009/06/25 12:35:08 | 00,664,808 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2002/08/29 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/25 12:35:08 | 01,135,848 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2006/07/20 07:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
PRC - [2005/01/19 11:05:48 | 00,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\System32\LVCOMSX.EXE
PRC - [2009/01/13 15:48:24 | 00,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
PRC - [2009/06/29 12:43:35 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/02/16 01:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/10/25 12:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/07/25 06:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/23 17:05:46 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe
PRC - [2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/29 10:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/08/29 20:10:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\My Documents\Technical\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/06/25 17:28:08 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
SRV - File not found -- -- (AdobeAdobeActiveFileMonitor6.0 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/15 18:27:50 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - File not found -- -- (BOCore [Disabled | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/11/23 09:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2005/09/29 18:02:26 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device [On_Demand | Stopped])
SRV - [2008/03/22 14:57:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/20 11:52:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 06:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/29 12:43:25 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/10/25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/06/29 14:23:32 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2003/03/09 22:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/06/25 12:35:08 | 00,664,808 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService [Auto | Running])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2009/02/16 01:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:8080

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 09:36:26 | 00,000,000 | ---D | M]


O1 HOSTS File: (288070 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SJelite3Launch] C:\Documents and Settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/02 11:44:50 | 00,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} http://h30155.www3.h...tallMgr_v01.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161077009831 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1161078116030 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kaplanprofes...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/17 10:15:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b6255e0-600c-11db-b27d-000bcd34573b}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6255e0-600c-11db-b27d-000bcd34573b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/29 20:04:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/08/29 20:00:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2009/08/29 20:00:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2009/08/29 19:34:24 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Geeks-to-Go!.url
[2009/08/29 19:20:20 | 10,638,33600 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 16:59:48 | 00,000,960 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/28 10:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/28 10:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/16 17:44:40 | 00,000,284 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SJelite3.lnk
[2009/08/16 17:42:52 | 00,053,248 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
[2009/08/16 17:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Transcend

========== Files - Modified Within 14 Days ==========

[2009/08/29 20:08:15 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Geeks-to-Go!.url
[2009/08/29 20:04:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/08/29 20:00:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2009/08/29 20:00:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2009/08/29 19:57:41 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/29 19:45:37 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/29 19:45:20 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/29 19:43:56 | 00,350,197 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/29 19:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 19:40:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 19:40:53 | 10,638,33600 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 19:18:47 | 00,000,960 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/29 17:33:31 | 00,000,356 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ViaMichelin.url
[2009/08/29 10:13:54 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Yahoo! Mail.url
[2009/08/28 09:59:42 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\KOL WELCOME.url
[2009/08/24 12:42:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/23 13:00:02 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Easy Layout Backup Job-Full.job
[2009/08/23 12:08:35 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/08/16 19:33:06 | 00,120,832 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 17:44:40 | 00,000,284 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SJelite3.lnk
[2009/08/16 17:00:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ccleaner.lnk

========== LOP Check ==========

[2009/07/28 20:01:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 15:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/01/11 08:51:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/03/15 12:28:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/12 13:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/10 23:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2007/10/07 19:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/05/24 23:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC423
[2009/01/04 11:59:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/10/26 17:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/01/11 08:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/11/11 21:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/08/19 22:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/03/22 15:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/19 14:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2007/05/17 19:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/10/17 10:00:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/21 12:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2008/10/11 10:26:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/05/05 21:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/01/04 12:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/24 01:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/26 16:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/12/07 19:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2009/01/17 22:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2007/01/20 18:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/08/18 23:43:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Nick\Application Data
[2007/03/12 11:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ArcSoft
[2009/08/19 17:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Azureus
[2009/04/01 14:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Canon
[2009/02/22 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/21 10:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\eBay
[2007/06/22 16:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\FreeCommander
[2009/03/19 14:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Genie-soft
[2006/10/20 11:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\InterVideo
[2009/04/18 10:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\JGoodies
[2006/10/17 14:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2008/10/11 10:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\NCH Swift Sound
[2007/06/27 18:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Opera
[2007/05/05 21:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\r2 Studios
[2009/01/04 12:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ScanSoft
[2009/08/16 17:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Transcend
[2009/02/02 23:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\TrueCrypt
[2009/06/26 16:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2009/01/11 08:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Uniblue
[2008/12/07 19:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\USBSafelyRemove
[2007/05/05 13:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Video DVD Maker FREE
[2009/07/30 21:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\webex
[2007/02/26 12:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\WholeSecurity
[2009/08/24 12:42:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2002/08/29 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/23 13:00:02 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Easy Layout Backup Job-Full.job
[2009/08/29 19:45:20 | 00,000,878 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/29 19:57:41 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/29 19:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/23 12:08:35 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/09/07 19:34:53 | 00,261,542 | ---- | M] () -- C:\LISTool.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/14 02:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 02:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 29/08/2009 20:11:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\Technical
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.48 Mb Total Physical Memory | 359.46 Mb Available Physical Memory | 35.43% Memory free
919.56 Mb Paging File | 387.72 Mb Available in Paging File | 42.16% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 4.81 Gb Free Space | 24.04% Space Free | Partition Type: NTFS
Drive D: | 17.25 Gb Total Space | 16.30 Gb Free Space | 94.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICHOLAS-8H08K5
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14097:TCP" = 14097:TCP:*:Enabled:BitComet 14097 TCP
"14097:UDP" = 14097:UDP:*:Enabled:BitComet 14097 UDP
"50001:TCP" = 50001:TCP:*:Enabled:BitComet 50001 TCP
"50001:UDP" = 50001:UDP:*:Enabled:BitComet 50001 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03B1BBDC-7FAA-4A03-9988-A85428BAD382}" = Sun ODF Plugin for Microsoft Office 3.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810" = Canon MP810
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97480A25-F284-42B6-A453-7F39E30D6DB0}" = EASEUS Photo Recovery 2.1.1
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}" = Belkin Wireless G Plus MIMO Notebook Card
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}" = Labtec WebCam Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5E200BA-B573-4F3F-A1DE-DC034A907F04}" = Network Recording Player
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BBC The French Experience" = BBC The French Experience
"Canon MP810 User Registration" = Canon MP810 User Registration
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Color Printer 725" = Dell Color Printer 725
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"filehippo.com" = filehippo.com Update Checker
"FLAC" = FLAC 1.2.0a (remove only)
"FlashDiskManager" = FlashDiskManager V1.2.3
"HP OfficeJet-PSC Scrubber" = HP OfficeJet/PSC Scrubber
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2005b" = Microsoft Money
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"Prism" = Prism Video Converter
"QcDrv" = Labtec® Camera Driver
"Rapport_is1" = Rapport
"RealPlayer 6.0" = RealPlayer
"Switch" = Switch Sound File Converter
"Total Uninstall 5_is1" = Total Uninstall 5.0.1
"TrueCrypt" = TrueCrypt
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UNINSTALL KEY" = Font Installer
"Vuze" = Vuze
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2009 10:47:41 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 10:57:49 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 11:22:58 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 11:26:23 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 11:57:45 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 13:22:18 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 13:31:43 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 13:44:23 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 13:50:01 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

Error - 29/08/2009 13:57:41 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 29/07/2009 11:17:41 | Computer Name = NICHOLAS-8H08K5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
connect.

Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7000
Description = The dlcf_device service failed to start due to the following error:
%%1053

Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

Error - 29/08/2009 13:39:44 | Computer Name = NICHOLAS-8H08K5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

Error - 29/08/2009 13:42:20 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SQL Server VSS Writer
service to connect.

Error - 29/08/2009 13:42:20 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%1053


< End of report >

Edited by NickH, 30 August 2009 - 01:00 AM.

#2
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity; don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix to svchost. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.

Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here for instructions. Installing the recovery console if you're running an XP machine is another critical step. Although these preliminary steps may seem unnecessary, by following the directions in that guide closely you give ComboFix the best possible chance at a successful run and minimize the likelihood of having serious problems occur after an attempted removal of malware.

Once the program has finished running, its log should pop up automatically, or if for some reason you lose it, it can be found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

#3
NickH

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi Dave,

Great to see you on my case and with Hendrix at the helm, we can't fail!

Things have got worse on my laptop to the point where it only operates in Safe Mode, so I'm mailing you from another PC. I've now lost internet access on the laptop - this only happened after running ComboFix.

So I've done what you asked - reports are below. Looking forward to hearing from you again.

All best,
Nick

GMER 1.0.15.15077 [msqu5zzr.exe] - http://www.gmer.net
Rootkit scan 2009-09-05 13:07:12
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 872A6828 ZwEnumerateKey
Code 872CFF40 ZwFlushInstructionCache
Code 87191C36 ZwSaveKey
Code 8719A216 ZwSaveKeyEx
Code 8719453E IofCallDriver
Code 871980E6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 87194543
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 871980EB
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 872A682C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 872CFF44
PAGE ntoskrnl.exe!ZwSaveKey 8064ED72 5 Bytes JMP 87191C3A
PAGE ntoskrnl.exe!ZwSaveKeyEx 8064EE5D 5 Bytes JMP 8719A21A

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F71D0E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F71D0E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F71D0E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [F71D0E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F71EBB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F71D2B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F71D0E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F71D3260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F71D2930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F71CB8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F71CBA80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F71CB5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F71CB980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8841EE] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8841F3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1308] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmxoyibqux.sys (*** hidden *** ) [SYSTEM] kbiwkmjntkrpxn <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn@imagepath \systemroot\system32\drivers\kbiwkmxoyibqux.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main@aid 10064
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\drivers\kbiwkmxoyibqux.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmwtgenmod.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmpqjctxrf.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmhoymodqb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmoulkydpu.dat
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn@imagepath \systemroot\system32\drivers\kbiwkmxoyibqux.sys
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main@aid 10064
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main@sid 0
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\drivers\kbiwkmxoyibqux.sys
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmwtgenmod.dll
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmpqjctxrf.dat
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmhoymodqb.dll
Reg HKLM\SYSTEM\ControlSet005\Services\kbiwkmjntkrpxn\[email protected] \systemroot\system32\kbiwkmoulkydpu.dat
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B867751A-0CF0-D245-0EAF-3250AD1A4586}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B867751A-0CF0-D245-0EAF-3250AD1A4586}@iajglplplboplglffe 0x6B 0x61 0x6F 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B867751A-0CF0-D245-0EAF-3250AD1A4586}@hahhnlknabeihphn 0x6B 0x61 0x6E 0x6D ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\chartables.bin 578606 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\classes 0 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\defaults 0 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\dialog.ini 75261 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\english.lng 148120 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\es262-32.dll 193536 bytes executable
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\hhd.ssr 7746 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\jsconsole.html 4188 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\opera.dll 1921024 bytes executable
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\operadef6.ini 47 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\OUniAnsi.dll 27648 bytes executable
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\plugins 0 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\skin 0 bytes
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\xmlparse.dll 50176 bytes executable
File C:\Program Files\Adobe\Adobe Bridge\db_support\install\share\charsets\zip.dll 40960 bytes executable
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Application Data 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Desktop 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Documents 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\DRM 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Favorites 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\ntuser.dat 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\ntuser.dat.LOG 1024 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Start Menu 0 bytes
File C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs\Templates 0 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Component Services.lnk 1582 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Computer Management.lnk 1602 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Data Sources (ODBC).lnk 1596 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\desktop.ini 476 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Event Viewer.lnk 1592 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Microsoft .NET Framework 1.1 Configuration.lnk 1107 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Microsoft .NET Framework 1.1 Wizards.lnk 1158 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Performance.lnk 1591 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\r2 Studios 0 bytes
File C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0\Manual\Services.lnk 1602 bytes
File C:\Documents and Settings\Nick\Application Data\Microsoft\Signatures\Nicholas Hall_files\0 0 bytes
File C:\Documents and Settings\Nick\Application Data\Microsoft\Signatures\Nicholas Hall_files\2620145636 0 bytes
File C:\Documents and Settings\Nick\Application Data\Microsoft\Signatures\Nicholas Hall_files\296750540 0 bytes
File C:\Documents and Settings\Nick\Application Data\Microsoft\Signatures\Nicholas Hall_files\3677192557 0 bytes
File C:\Documents and Settings\Nick\Application Data\Microsoft\Signatures\Nicholas Hall_files\80933665 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Application Data 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Contacts 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Cookies 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Desktop 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\DoctorWeb 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Favorites 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\IECompatCache 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\IETldCache 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\Local Settings 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\My Documents 0 bytes
File C:\Documents and Settings\Nick\Local Settings\Application Data\Apple\Apple Software Update\NetHood 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\InstallTemp 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\Manifests 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\Policies 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb 0 bytes
File C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da 0 bytes

---- EOF - GMER 1.0.15 ----

ComboFix 09-09-04.02 - Nick 05/09/2009 16:08.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.569 [GMT 2:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\8a4879.msp
c:\windows\Installer\8a488f.msp
c:\windows\Installer\8a48a5.msp
c:\windows\Installer\8a48bb.msp
c:\windows\Installer\8a48e2.msp
c:\windows\Installer\e5dd83.msi
c:\windows\system32\drivers\kbiwkmxoyibqux.sys
c:\windows\system32\drivers\ss.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\whmqj.sys
c:\windows\system32\kbiwkmhoymodqb.dll
c:\windows\system32\kbiwkmoulkydpu.dat
c:\windows\system32\kbiwkmpqjctxrf.dat
c:\windows\system32\kbiwkmwtgenmod.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmjntkrpxn
-------\Legacy_TCPSR
-------\Legacy_YUWZSSFLG
-------\Service_kbiwkmjntkrpxn
-------\Service_yuwzssflg
-------\Service_StreamSurge


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-08-30 14:53 . 2002-08-05 22:14 102912 -c--a-w- c:\windows\system32\Particle Fire.scr
2009-08-28 08:26 . 2009-08-28 08:26 -------- d-----w- c:\program files\iPod
2009-08-28 08:25 . 2009-08-28 08:27 -------- d-----w- c:\program files\iTunes
2009-08-16 15:42 . 2007-06-29 12:23 53248 -c--a-w- c:\windows\system32\IoctlSvc.exe
2009-08-16 15:03 . 2009-08-16 15:03 -------- dc----w- c:\documents and settings\Nick\Application Data\Transcend

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 20:52 . 2007-03-12 19:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-04 14:51 . 2006-10-17 12:34 -------- dc----w- c:\documents and settings\Nick\Application Data\Skype
2009-09-04 09:54 . 2007-08-15 17:53 -------- dc----w- c:\program files\Eraser
2009-09-03 20:46 . 2007-11-17 14:21 -------- dc----w- c:\documents and settings\Nick\Application Data\skypePM
2009-08-29 18:00 . 2009-04-04 08:14 -------- d-----w- c:\program files\ERUNT
2009-08-29 13:09 . 2008-02-05 18:51 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-08-28 08:26 . 2008-08-14 07:38 -------- dc----w- c:\program files\Common Files\Apple
2009-08-26 07:17 . 2009-03-15 19:23 -------- d-----w- c:\program files\Registry Easy
2009-08-19 15:43 . 2007-10-07 17:21 -------- dc----w- c:\documents and settings\Nick\Application Data\Azureus
2009-08-12 22:38 . 2009-04-15 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 14:30 . 2008-08-25 00:02 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 05:46 . 2008-10-27 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-09 05:45 . 2008-10-27 17:03 -------- dc----w- c:\program files\NOS
2009-08-06 12:41 . 2007-10-07 17:17 -------- dc----w- c:\program files\Java
2009-08-05 09:01 . 2002-08-29 12:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2008-08-25 00:02 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-08-25 00:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 05:35 . 2006-10-24 12:45 -------- dc----w- c:\program files\Google
2009-07-30 19:14 . 2008-10-07 16:41 -------- dc----w- c:\documents and settings\Nick\Application Data\webex
2009-07-28 18:03 . 2009-07-28 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-28 18:01 . 2009-07-28 17:55 -------- d-----w- c:\program files\McAfee
2009-07-28 17:55 . 2009-07-28 17:55 -------- dc----w- c:\program files\Common Files\McAfee
2009-07-28 07:17 . 2006-10-17 09:18 72272 -c--a-w- c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 23:23 . 2009-07-26 23:20 -------- dc----w- c:\documents and settings\Nick\Application Data\DivX
2009-07-26 23:17 . 2006-10-20 08:21 -------- dc----w- c:\program files\DivX
2009-07-26 23:15 . 2009-07-26 23:13 -------- dc----w- c:\program files\Common Files\DivX Shared
2009-07-26 18:29 . 2007-10-16 22:40 -------- dc----w- c:\program files\Azureus
2009-07-25 08:52 . 2009-07-25 08:52 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-25 08:49 . 2009-07-25 08:30 -------- d-----w- c:\program files\ffdshow
2009-07-25 04:23 . 2008-12-19 08:52 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-21 22:10 . 2009-07-21 22:08 -------- d-----w- c:\program files\NCH Software
2009-07-17 19:01 . 2002-08-29 12:00 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-10-17 09:07 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:38 . 2009-01-04 09:57 -------- dc----w- c:\program files\Canon
2009-07-08 20:49 . 2009-07-08 20:49 -------- dc----w- c:\documents and settings\LocalService\Application Data\Trusteer
2009-06-29 16:12 . 2002-08-29 12:00 827392 -c--a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-01-31 13:57 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 12:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 12:00 56832 -c--a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 12:00 54272 -c--a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 12:00 301568 -c--a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 12:00 147456 -c--a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 12:00 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 12:00 92928 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 12:00 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 12:00 76288 -c--a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2006-10-17 08:08 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-08-29 12:00 132096 -c--a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SJelite3Launch"="c:\documents and settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe" [2008-06-23 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F5D9010"="c:\program files\Belkin\F5D9010\Belkinwcui.exe" [2006-07-20 1617920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-13 632048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Nick\Start Menu\Programs\Startup\AutorunsDisabled
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xdg25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ssoftservice"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14097:TCP"= 14097:TCP:BitComet 14097 TCP
"14097:UDP"= 14097:UDP:BitComet 14097 UDP
"50001:TCP"= 50001:TCP:BitComet 50001 TCP
"50001:UDP"= 50001:UDP:BitComet 50001 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/03/2009 13:43 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 1029456]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [15/07/2004 17:31 18432]
S0 Xdg25;Xdg25;c:\windows\system32\Drivers\Xdg25.sys --> c:\windows\system32\Drivers\Xdg25.sys [?]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [26/06/2009 16:07 57320]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [26/06/2009 16:07 239080]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 AdobeAdobeActiveFileMonitor6.0;Adobe LM Service AdobeAdobeActiveFileMonitor6.0;c:\windows\TEMP\pfikuvipen.exe service --> c:\windows\TEMP\pfikuvipen.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/07/2009 11:52 133104]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [26/06/2009 16:07 664808]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [17/02/2004 17:58 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [17/02/2004 17:59 244608]
S3 JL2005;JL2005A Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [14/01/2007 15:56 72576]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:44]

2009-08-30 c:\windows\Tasks\GBM - Easy Layout Backup Job-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2009-03-19 11:51]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 09:52]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 09:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
uInternet Settings,ProxyServer = 192.168.1.1:8080
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 16:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-436374069-2147029411-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B867751A-0CF0-D245-0EAF-3250AD1A4586}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajglplplboplglffe"=hex:6b,61,6f,6d,6c,66,65,6f,6c,61,6f,65,69,61,63,6a,6d,64,
68,68,70,6b,00,00
"hahhnlknabeihphn"=hex:6b,61,6e,6d,6b,66,64,62,6e,61,63,65,65,66,67,6e,6a,70,
69,6c,70,69,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-09-05 16:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 14:57

Pre-Run: 6,458,171,392 bytes free
Post-Run: 6,393,933,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /noguiboot

244 --- E O F --- 2009-08-26 06:59

#4
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts

Great to see you on my case and with Hendrix at the helm, we can't fail!

Makes me glad to hear there's one more Hendrix fan out there :).

It's surprising to hear you can only boot in Safe Mode now, because it appears that ComboFix ran close to flawlessly (and believe me with malware as it is these days that's a rare occurrence). What happens when you try to boot the laptop in normal mode?

Also, if you are only able to boot in Safe Mode then it makes sense that you can't access the internet - internet access is disabled in Safe Mode. If you can get to normal mode and the connection is still disabled, try these steps to get your connection back:

ComboFix disconnects your machine from the Internet to perform its fixes in isolation. The connection should be restored once ComboFix gets to the Find3M stage. In the event that ComboFix terminates prematurely and your connection is broken, you should first try a normal reboot, which should suffice to restore the connection in most cases. If that doesn't work, you can manually restore the connection:
* Go to Control Panel > Network Connections.
* Right click on the Network icons & select "Repair"

Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu:

Cheers,
Dave

#5
NickH
    Member
  • Topic Starter
  • Member
  • PipPip
  • 36 posts
40 yrs since Woodstock, wasn't it... listening to his Star Spangled Banner on a review of that recently...

Sorry I didn't make myself clear - I could still boot in normal mode. Everything came up okay but when I tried anything it took ages - it seemed the whole system was just grinding to a halt. So I was using Safe Mode.

Strange you say the internet is disabled in Safe Mode because up until I ran ComboFix it was working in Safe Mode. Not sure if it should have been, but still!


So you say ComboFix ran close to flawlessly - does that mean it has fixed everything? Trying stuff out, things do seem to be working okay. Is there anything I should do to confirm all is okay?

But I still can't get onto the internet - I've already tried to restore the connection as you suggest without any joy. Furthermore when I try to choose a wireless network, no wireless networks are found to be in range and refreshing the list brings up nothing. Does this mean it's lost all its settings or something?

Thanks for your help so far - further thoughts?
Nick

#6
Transience
    Unofficial Music Guru
  • Retired Staff
  • 2,448 posts

But I still can't get onto the internet - I've already tried to restore the connection as you suggest without any joy. Furthermore when I try to choose a wireless network, no wireless networks are found to be in range and refreshing the list brings up nothing. Does this mean it's lost all its settings or something?

That's odd. One more suggestion I picked up yesterday for you to try:

Go to Start > Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Strange you say the internet is disabled in Safe Mode because up until I ran ComboFix it was working in Safe Mode. Not sure if it should have been, but still!

Sorry should have made myself clear, it's disabled in regular old Safe Mode. You must have been in Safe Mode with Networking.

So you say ComboFix ran close to flawlessly - does that mean it has fixed everything? Trying stuff out, things do seem to be working okay. Is there anything I should do to confirm all is okay?


It hasn't quite fixed everything; there are a couple of remnants we need to take care of:
1. Run a ComboFix script
  • Copy the entire contents of the code box below to notepad (Start > Programs > Accessories > Notepad).
  • Click on File > Save and name the file CFScript.txt. This name is important and must not be changed.
  • Change the Save as Type to All Files.
  • Save it directly on your desktop.
KillAll::

File::
c:\windows\system32\Drivers\Xdg25.sys

Driver::
Xdg25
SysRst::
Note: If you are not the topic starter, DO NOT download or run this script as it could cause irreversible damage to your computer.

Please note that the same procedure applies to running ComboFix this time as before - disable your protection programs beforehand, close all other programs, don't interrupt it for any reason etc.

Once the script is saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. This will cause ComboFix to start again. Allow it to complete running, following any prompts. Once the program has completed, the log should appear automatically; if it doesn't, it can be found at C:\ComboFix.txt. Please post the contents of that log in your next reply.

Once that's done, let's run an MBAM scan to see where we're at:

1. Malwarebytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware and check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
Let me know how the internet is, and post those 2 logs in your next reply.

Cheers,
Dave

#7
NickH
    Member
  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Dave,

Still no joy with the internet - I followed your recommendation only to find that my settings are already as you suggested. I'm on broadband btw. Any other ideas?

Ran the ComboFix script and MBAM (unable to update it without the internet, but the version I have is only a few days old) as you suggested - logs below.

Certainly my laptop seems fine now - thanks for that! Any more things to do as a result of the logs I've sent? And the internet connection problem remains..

All best,
Nick

ComboFix 09-09-04.02 - Nick 06/09/2009 15:37.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.581 [GMT 2:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\Drivers\Xdg25.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDG25
-------\Service_Xdg25


((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-08-30 14:53 . 2002-08-05 22:14 102912 -c--a-w- c:\windows\system32\Particle Fire.scr
2009-08-28 08:26 . 2009-08-28 08:26 -------- d-----w- c:\program files\iPod
2009-08-28 08:25 . 2009-08-28 08:27 -------- d-----w- c:\program files\iTunes
2009-08-16 15:42 . 2007-06-29 12:23 53248 -c--a-w- c:\windows\system32\IoctlSvc.exe
2009-08-16 15:03 . 2009-08-16 15:03 -------- dc----w- c:\documents and settings\Nick\Application Data\Transcend

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 20:52 . 2007-03-12 19:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-04 14:51 . 2006-10-17 12:34 -------- dc----w- c:\documents and settings\Nick\Application Data\Skype
2009-09-04 09:54 . 2007-08-15 17:53 -------- dc----w- c:\program files\Eraser
2009-09-03 20:46 . 2007-11-17 14:21 -------- dc----w- c:\documents and settings\Nick\Application Data\skypePM
2009-08-29 18:00 . 2009-04-04 08:14 -------- d-----w- c:\program files\ERUNT
2009-08-29 13:09 . 2008-02-05 18:51 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-08-28 08:26 . 2008-08-14 07:38 -------- dc----w- c:\program files\Common Files\Apple
2009-08-26 07:17 . 2009-03-15 19:23 -------- d-----w- c:\program files\Registry Easy
2009-08-19 15:43 . 2007-10-07 17:21 -------- dc----w- c:\documents and settings\Nick\Application Data\Azureus
2009-08-12 22:38 . 2009-04-15 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 14:30 . 2008-08-25 00:02 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 05:46 . 2008-10-27 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-09 05:45 . 2008-10-27 17:03 -------- dc----w- c:\program files\NOS
2009-08-06 12:41 . 2007-10-07 17:17 -------- dc----w- c:\program files\Java
2009-08-05 09:01 . 2002-08-29 12:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2008-08-25 00:02 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-08-25 00:02 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 05:35 . 2006-10-24 12:45 -------- dc----w- c:\program files\Google
2009-07-30 19:14 . 2008-10-07 16:41 -------- dc----w- c:\documents and settings\Nick\Application Data\webex
2009-07-28 18:03 . 2009-07-28 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-28 18:01 . 2009-07-28 17:55 -------- d-----w- c:\program files\McAfee
2009-07-28 17:55 . 2009-07-28 17:55 -------- dc----w- c:\program files\Common Files\McAfee
2009-07-28 07:17 . 2006-10-17 09:18 72272 -c--a-w- c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 23:23 . 2009-07-26 23:20 -------- dc----w- c:\documents and settings\Nick\Application Data\DivX
2009-07-26 23:17 . 2006-10-20 08:21 -------- dc----w- c:\program files\DivX
2009-07-26 23:15 . 2009-07-26 23:13 -------- dc----w- c:\program files\Common Files\DivX Shared
2009-07-26 18:29 . 2007-10-16 22:40 -------- dc----w- c:\program files\Azureus
2009-07-25 08:52 . 2009-07-25 08:52 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-25 08:49 . 2009-07-25 08:30 -------- d-----w- c:\program files\ffdshow
2009-07-25 04:23 . 2008-12-19 08:52 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-07-21 22:10 . 2009-07-21 22:08 -------- d-----w- c:\program files\NCH Software
2009-07-17 19:01 . 2002-08-29 12:00 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-10-17 09:07 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 07:38 . 2009-01-04 09:57 -------- dc----w- c:\program files\Canon
2009-07-08 20:49 . 2009-07-08 20:49 -------- dc----w- c:\documents and settings\LocalService\Application Data\Trusteer
2009-06-29 16:12 . 2002-08-29 12:00 827392 -c----w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-01-31 13:57 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 12:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 12:00 56832 -c--a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 12:00 54272 -c--a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 12:00 301568 -c--a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 12:00 147456 -c--a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 12:00 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 12:00 92928 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 12:00 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 12:00 76288 -c--a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-08-29 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2006-10-17 08:08 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-08-29 12:00 132096 -c--a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SJelite3Launch"="c:\documents and settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe" [2008-06-23 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F5D9010"="c:\program files\Belkin\F5D9010\Belkinwcui.exe" [2006-07-20 1617920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-13 632048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Nick\Start Menu\Programs\Startup\AutorunsDisabled
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ssoftservice"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14097:TCP"= 14097:TCP:BitComet 14097 TCP
"14097:UDP"= 14097:UDP:BitComet 14097 UDP
"50001:TCP"= 50001:TCP:BitComet 50001 TCP
"50001:UDP"= 50001:UDP:BitComet 50001 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/03/2009 13:43 64160]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [26/06/2009 16:07 57320]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [26/06/2009 16:07 239080]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 1029456]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [26/06/2009 16:07 664808]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [17/02/2004 17:58 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [17/02/2004 17:59 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [15/07/2004 17:31 18432]
S2 AdobeAdobeActiveFileMonitor6.0;Adobe LM Service AdobeAdobeActiveFileMonitor6.0;c:\windows\TEMP\pfikuvipen.exe service --> c:\windows\TEMP\pfikuvipen.exe service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/07/2009 11:52 133104]
S3 JL2005;JL2005A Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [14/01/2007 15:56 72576]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:44]

2009-09-06 c:\windows\Tasks\GBM - Easy Layout Backup Job-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2009-03-19 11:51]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 09:52]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 09:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Xdg25.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
uInternet Settings,ProxyServer = 192.168.1.1:8080
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 15:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-436374069-2147029411-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B867751A-0CF0-D245-0EAF-3250AD1A4586}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajglplplboplglffe"=hex:6b,61,6f,6d,6c,66,65,6f,6c,61,6f,65,69,61,63,6a,6d,64,
68,68,70,6b,00,00
"hahhnlknabeihphn"=hex:6b,61,6e,6d,6b,66,64,62,6e,61,63,65,65,66,67,6e,6a,70,
69,6c,70,69,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-06 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 14:06
ComboFix2.txt 2009-09-05 14:57

Pre-Run: 5,234,024,448 bytes free
Post-Run: 5,132,345,344 bytes free

246 --- E O F --- 2009-08-26 06:59

Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 3

06/09/2009 19:25:45
mbam-log-2009-09-06 (19-25-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 183682
Time elapsed: 2 hour(s), 23 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmhoymodqb.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmwtgenmod.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

#8 NickH (Member, Topic Starter, 36 posts)
Quick addendum:

Have just connected to the internet via ethernet, so that works & I'm back in touch with world - why didn't I think of doing this before..?! The problem remains with Wi-Fi though...
Nick

#9 Transience (Retired Staff, Unofficial Music Guru, 2,448 posts)
With regard to the internet connection, there's one more trick I have in my fairly limited arsenal before I send you off to the people far more experienced in issues of networking than myself, who will surely have the solution for you in no time.

The next thing to try is resetting the router to its factory settings, look here if you don't know how:

http://www.ehow.com/...t-settings.html

Once that's done, you can reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you have trouble accessing your router to make the changes:

http://www.routerpasswords.com/
http://www.phenoelit...rg/dpl/dpl.html

After that, give your internet a try and let me know how things go.

In any event, I'm glad to hear that you're back connected via the ethernet - at least you can access the internet again. Being the pessimist that I am I'd like to run one more scan, an online virus scan, to be sure that you're all set from the malware side of things:

First we'll clean out your unnecessary temp files to speed up the scan:

1. TFC
  • Please download TFC to your desktop.
  • Save any work, then close all open windows.
  • Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes.
  • You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot.
  • Close TFC when it has completed.
2. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the log from Kaspersky when you have it and give me an update on how the PC is running, and we should have you on your way :).

- Dave

#10 NickH (Member, Topic Starter, 36 posts)
Hi Dave,
Just a note to let you know that I haven't lost interest in what we are doing here - my silence over the last day or two is down to me travelling to England from my home in France - I split my time between the two countries.

As far as my laptop is concerned, I am once again using a cable internet connection as the wifi is still not working, at my UK address where I've had no problem before. Interestingly the Wireless Internet connection shows as being connected at 54.00, signal strength good. The PC just can't see any Wireless Network to connect to. Curious.

Anyway I shall set to it & go through your latest instructions and report back when I can.

All best,
Nick

#11 Transience (Retired Staff, Unofficial Music Guru, 2,448 posts)
Okay no hurry, take your time, I'll be here :).

#12 Transience (Retired Staff, Unofficial Music Guru, 2,448 posts)
Just checking in since it's been a few days - still need any help on this one?

#13 NickH (Member, Topic Starter, 36 posts)
Yes - can you stand by for a few days? I'm sorry to have gone quiet but I'm frantically juggling work & personal stuff at the moment and as my PC is behaving tolerably, I've had to leave carrying out the last instruction you gave me for a few days.
My 88-year-old Dad has been in hospital and I'm caring for him while trying to get some work done - tricky, as you can imagine! I'll get onto your recent instructions asap and report back.
All best,
Nick

#14 Transience (Retired Staff, Unofficial Music Guru, 2,448 posts)
No problems at all, Nick. I have no issues waiting as long as you need, now that I know you're still with us. Take your time, I know as well as anybody that the rest of your life has to come first :).

#15 NickH (Member, Topic Starter, 36 posts)
Well now back in France and had a chance to run Kaspersky. Your pessimism was well placed - there are still a few gremlins hanging about - see the report below.

Awaiting your further thoughts..
Nick

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 15, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 15, 2009 08:46:32
Records in database: 2821776
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 75630
Threats found: 5
Infected objects found: 5
Suspicious objects found: 1
Scan duration: 07:40:56


File name / Threat / Threats count
C:\Documents and Settings\Nick\Local Settings\Application Data\Identities\{783E2BCA-C63D-478B-93E4-36CEA85F219B}\Microsoft\Outlook Express\Misc.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Nick\Local Settings\Application Data\Identities\{783E2BCA-C63D-478B-93E4-36CEA85F219B}\Microsoft\Outlook Express\Technical.dbx Infected: Trojan-Spy.HTML.Paylap.en 1
C:\Program Files\InterVideo\Common\Bin\IVISubtitle.ax Infected: Packed.Win32.TDSS.y 1
C:\Program Files\InterVideo\DVD7\IVISubtitle.ax Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\whmqj.sys.vir Infected: Rootkit.Win32.Agent.rsp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_kbiwkmxoyibqux_.sys.zip Infected: Packed.Win32.TDSS.z 1

Selected area has been scanned.
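A way to sort the Kaspersky findings above by where each file actually lives, added here as an example and not code from Kaspersky or from anyone in this thread. Two of the six hits are under `C:\Qoobox\Quarantine\`, which is ComboFix's quarantine folder (the log above lists `ComboFix-quarantined-files.txt` and `.vir` copies there), so they are files already taken out of service rather than anything running; two are inside Outlook Express `.dbx` mail stores, so the HTML phishing detections are stored messages rather than installed programs; only the two `IVISubtitle.ax` hits are live files. The report lines are copied from the scan above; the bucketing rules, names and the `live_threats` helper are this example's own assumptions.

```python
r"""Bucket Kaspersky Online Scanner findings by where each file lives.

Added example for this thread, not code from Kaspersky or from any post.
The report lines are copied from the scan report above; the bucketing
rules are this example's own assumptions:
  - paths under C:\Qoobox\Quarantine\ are ComboFix's quarantine, so hits
    there are copies already taken out of service, not running code;
  - *.dbx files are Outlook Express mail stores, so an HTML phishing
    detection inside one is a stored message, not an installed program;
  - anything else is a live file that still needs attention.
"""
import re

# Constructed sample: the six findings from the report above.
REPORT_LINES = [
    r"C:\Documents and Settings\Nick\Local Settings\Application Data\Identities\{783E2BCA-C63D-478B-93E4-36CEA85F219B}\Microsoft\Outlook Express\Misc.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1",
    r"C:\Documents and Settings\Nick\Local Settings\Application Data\Identities\{783E2BCA-C63D-478B-93E4-36CEA85F219B}\Microsoft\Outlook Express\Technical.dbx Infected: Trojan-Spy.HTML.Paylap.en 1",
    r"C:\Program Files\InterVideo\Common\Bin\IVISubtitle.ax Infected: Packed.Win32.TDSS.y 1",
    r"C:\Program Files\InterVideo\DVD7\IVISubtitle.ax Infected: Packed.Win32.TDSS.y 1",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\whmqj.sys.vir Infected: Rootkit.Win32.Agent.rsp 1",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_kbiwkmxoyibqux_.sys.zip Infected: Packed.Win32.TDSS.z 1",
]

# "<path> <Infected|Suspicious>: <threat name> <count>"; paths may contain
# spaces, so the path group is lazy and anchored by the status word.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)


def parse_finding(line):
    """Split one report line into path/status/threat/count; None otherwise."""
    m = FINDING_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["count"] = int(d["count"])
    return d


def bucket(path):
    """Classify a detected path as quarantined, mail_store or live."""
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low:
        return "quarantined"
    if low.endswith(".dbx"):
        return "mail_store"
    return "live"


def triage(lines):
    """Group parsed findings by bucket, keeping report order inside each."""
    out = {"quarantined": [], "mail_store": [], "live": []}
    for line in lines:
        f = parse_finding(line)
        if f:
            out[bucket(f["path"])].append(f)
    return out


def live_threats(lines):
    """Distinct threat names that still sit on live files."""
    return sorted({f["threat"] for f in triage(lines)["live"]})


if __name__ == "__main__":
    for name, items in triage(REPORT_LINES).items():
        print(f"{name}: {len(items)}")
        for f in items:
            print(f"  {f['status']:10} {f['threat']:28} {f['path']}")
```

The point of splitting the list this way is that "Threats found: 5" overstates what is still on the machine: the quarantine hits are evidence of what was already removed, the mail-store hits are phishing emails to delete from Outlook Express, and the live `Packed.Win32.TDSS.y` detections on the two InterVideo files are the ones that still need a decision.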
