
Virus Rootkit.win32.tdss.d HELP!!

Discussion in 'Virus & Other Malware Removal' started by snifferhann, Apr 14, 2010.

  1. snifferhann (Thread Starter)

    Joined: Apr 14, 2010
    Messages: 3
    Hi
    I've managed to pick up the rootkit.win32.tdss.d virus and can't remove it. I'm running Win XP Pro and Kaspersky Security, which detects it but cannot remove it. I've tried various software, including the Kaspersky TDSS removal tool, but they do not seem to remove it. Any help would be great.

    I've included the ComboFix log below.

    Thanks


    ComboFix 10-04-13.04 - Administrator 14/04/2010 17:54:13.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2563 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\itsme.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
    .
    2010-04-14 17:09 . 2010-04-14 17:09 -------- d-----w- c:\documents and settings\Administrator\WPDNSE
    2010-04-14 14:34 . 2010-04-14 14:34 -------- d-----w- c:\program files\RootQuest
    2010-04-14 10:59 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-04-14 10:26 . 2010-04-14 10:26 -------- d-----w- c:\documents and settings\NetworkService\outlook logging
    2010-04-14 09:32 . 2010-04-14 09:32 -------- d-----w- c:\documents and settings\Administrator\Rar$EX00.047
    2010-04-13 21:22 . 2010-04-13 21:22 13778 ----a-w- C:\exe.dat
    2010-04-13 20:26 . 2010-04-13 20:26 -------- d-----w- c:\program files\Enigma Software Group
    2010-04-13 20:18 . 2010-04-13 20:18 -------- d-----w- c:\documents and settings\NetworkService\bdrb.tmp
    2010-04-13 20:13 . 2010-04-13 20:13 -------- d-----w- c:\documents and settings\NetworkService\qxxo.tmp
    2010-04-13 20:05 . 2010-04-13 20:06 -------- d-----w- c:\documents and settings\NetworkService\baiw.tmp
    2010-04-13 20:04 . 2010-04-13 20:04 -------- d-----w- c:\documents and settings\Administrator\plugtmp-7
    2010-04-13 20:00 . 2010-04-13 20:00 -------- d-----w- c:\documents and settings\NetworkService\nldq.tmp
    2010-04-13 19:55 . 2010-04-13 19:55 -------- d-----w- c:\documents and settings\NetworkService\lemr.tmp
    2010-04-13 19:50 . 2010-04-13 20:54 147456 ----a-w- C:\catchme.exe
    2010-04-13 19:50 . 2010-04-13 19:50 -------- d-----w- c:\documents and settings\NetworkService\ddgx.tmp
    2010-04-13 19:45 . 2010-04-13 19:45 -------- d-----w- c:\documents and settings\NetworkService\hial.tmp
    2010-04-13 19:40 . 2010-04-13 19:40 -------- d-----w- c:\documents and settings\NetworkService\abmw.tmp
    2010-04-13 19:37 . 2010-04-13 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
    2010-04-13 19:34 . 2010-04-13 19:35 -------- d-----w- c:\documents and settings\NetworkService\ejib.tmp
    2010-04-13 19:29 . 2010-04-13 19:29 -------- d-----w- c:\documents and settings\NetworkService\ulfh.tmp
    2010-04-13 19:24 . 2010-04-13 19:24 -------- d-----w- c:\documents and settings\NetworkService\doid.tmp
    2010-04-13 19:19 . 2010-04-13 19:19 -------- d-----w- c:\documents and settings\NetworkService\ftei.tmp
    2010-04-13 19:14 . 2010-04-13 19:14 -------- d-----w- c:\documents and settings\NetworkService\rodr.tmp
    2010-04-13 19:09 . 2010-04-13 19:09 -------- d-----w- c:\documents and settings\NetworkService\iiiy.tmp
    2010-04-13 19:04 . 2010-04-13 19:04 -------- d-----w- c:\documents and settings\NetworkService\pysf.tmp
    2010-04-13 18:59 . 2010-04-13 19:00 -------- d-----w- c:\documents and settings\NetworkService\xxti.tmp
    2010-04-13 18:58 . 2010-04-13 19:12 -------- d-----w- c:\documents and settings\Administrator\HouseCall
    2010-04-13 18:58 . 2010-04-13 19:00 -------- d-----w- c:\documents and settings\Administrator\HCBackup
    2010-04-13 18:49 . 2010-04-13 18:49 -------- d-----w- c:\documents and settings\NetworkService\pfvr.tmp
    2010-04-13 18:37 . 2010-04-13 18:37 -------- d-----w- c:\documents and settings\NetworkService\cdti.tmp
    2010-04-13 18:04 . 2010-04-13 18:04 -------- d-----w- c:\documents and settings\NetworkService\soxh.tmp
    2010-04-13 17:59 . 2010-04-13 17:59 -------- d-----w- c:\documents and settings\NetworkService\xteo.tmp
    2010-04-13 17:54 . 2010-04-13 17:54 -------- d-----w- c:\documents and settings\NetworkService\wdjj.tmp
    2010-04-13 17:49 . 2010-04-13 17:49 -------- d-----w- c:\documents and settings\NetworkService\ljin.tmp
    2010-04-13 17:44 . 2010-04-13 17:44 -------- d-----w- c:\documents and settings\NetworkService\meov.tmp
    2010-04-13 17:39 . 2010-04-13 17:39 -------- d-----w- c:\documents and settings\NetworkService\pyab.tmp
    2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\documents and settings\NetworkService\vmno.tmp
    2010-04-13 17:29 . 2010-04-13 17:29 -------- d-----w- c:\documents and settings\NetworkService\nfvc.tmp
    2010-04-13 17:23 . 2010-04-13 17:23 -------- d-----w- c:\documents and settings\NetworkService\owbv.tmp
    2010-04-13 17:18 . 2010-04-13 17:18 -------- d-----w- c:\documents and settings\NetworkService\lwfh.tmp
    2010-04-13 17:13 . 2010-04-13 17:13 -------- d-----w- c:\documents and settings\NetworkService\tvxv.tmp
    2010-04-13 17:08 . 2010-04-13 17:08 -------- d-----w- c:\documents and settings\NetworkService\ssuu.tmp
    2010-04-13 17:03 . 2010-04-13 17:03 -------- d-----w- c:\documents and settings\NetworkService\xtpe.tmp
    2010-04-13 16:58 . 2010-04-13 16:58 -------- d-----w- c:\documents and settings\NetworkService\bdie.tmp
    2010-04-12 19:47 . 2010-04-12 19:59 -------- d-----w- c:\documents and settings\Administrator\hsperfdata_Administrator
    2010-04-12 17:50 . 2010-04-12 17:50 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-12 13:46 . 2010-04-12 15:59 -------- d-----w- c:\documents and settings\Administrator\plugtmp-4
    2010-04-12 12:21 . 2010-04-12 12:22 -------- d-----w- c:\documents and settings\Administrator\hsperfdata_SYSTEM
    2010-04-11 12:30 . 2010-04-11 12:54 554064 ----a-w- c:\documents and settings\Administrator\LiveUpdate.exe
    2010-04-11 12:30 . 2010-04-11 12:54 554064 ----a-w- c:\documents and settings\Administrator\LiveUpdate.dat
    2010-04-11 12:28 . 2010-04-11 12:29 -------- d-----w- c:\documents and settings\Administrator\LiveUpdate
    2010-04-11 10:29 . 2010-04-11 12:25 -------- d-----w- c:\documents and settings\Administrator\plugtmp-3
    2010-04-11 10:09 . 2010-04-11 10:09 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2010-04-11 10:09 . 2010-04-11 10:09 -------- d-----w- c:\documents and settings\Administrator\bye52C4.tmp
    2010-04-11 10:07 . 2010-04-11 10:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
    2010-04-11 10:07 . 2010-04-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-04-11 00:04 . 2010-04-11 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2010-04-05 17:33 . 2010-04-05 19:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2010-04-04 16:21 . 2010-04-04 16:21 -------- d-----w- c:\program files\STOIK Imaging
    2010-04-04 16:21 . 2010-04-04 16:21 -------- d-----w- c:\documents and settings\Administrator\isp19ED.tmp
    2010-04-04 16:19 . 2010-01-08 04:51 7680 ------w- c:\documents and settings\Administrator\SegPlayPCDXCheck.exe
    2010-04-04 16:19 . 2009-06-27 17:44 7680 ------w- c:\documents and settings\Administrator\SegPlayPCRegisterPatterns.exe
    2010-04-04 16:19 . 2008-12-28 22:17 6656 ------w- c:\documents and settings\Administrator\SegPlayPCInstallCheck.exe
    2010-04-04 16:19 . 2006-12-02 13:22 479232 ------w- c:\documents and settings\Administrator\msvcm80.dll
    2010-04-04 16:19 . 2006-12-02 05:03 626688 ------w- c:\documents and settings\Administrator\msvcr80.dll
    2010-04-04 16:19 . 2006-12-02 05:03 548864 ------w- c:\documents and settings\Administrator\msvcp80.dll
    2010-04-04 16:19 . 2006-02-03 16:41 74448 ------w- c:\documents and settings\Administrator\DSETUP.dll
    2010-04-04 16:19 . 2010-04-04 16:19 -------- d-----w- c:\program files\Segmation
    2010-04-02 10:58 . 2010-04-02 10:58 -------- d-----w- c:\documents and settings\Administrator\RarSFX0
    2010-03-30 08:55 . 2010-03-30 10:19 -------- d-----w- c:\documents and settings\Administrator\plugtmp-2
    2010-03-29 20:44 . 2010-03-29 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FNET
    2010-03-29 20:44 . 2010-03-29 20:44 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
    2010-03-29 20:44 . 2010-03-29 20:44 -------- d-----w- c:\program files\PcCloneEX
    2010-03-29 13:53 . 2010-03-29 13:53 -------- d-----w- c:\documents and settings\Administrator\plugtmp-1
    2010-03-29 13:46 . 2010-03-29 13:46 28480 ----a-r- c:\documents and settings\Administrator\AMPing.exe
    2010-03-28 02:59 . 2010-04-13 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mufe
    2010-03-27 23:48 . 2010-04-11 12:32 701808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-27 12:47 . 2010-03-27 17:27 -------- d-----w- c:\documents and settings\Administrator\plugtmp
    2010-03-25 23:57 . 2010-03-22 22:54 128536 ----a-w- c:\documents and settings\Administrator\DAPREMOVE.EXE
    2010-03-24 20:52 . 2010-03-24 20:52 -------- d-----w- c:\documents and settings\Administrator\OIS
    2010-03-24 15:30 . 2010-03-24 15:30 -------- d-----w- c:\documents and settings\Administrator\VBE
    2010-03-23 18:17 . 2010-04-05 19:36 -------- d-----w- c:\documents and settings\Administrator\Acrobat Distiller 8
    2010-03-23 15:53 . 2010-03-23 15:53 3532 ----a-w- C:\drmHeader.bin
    2010-03-23 13:09 . 2010-03-23 13:09 -------- d-----w- c:\program files\Seagate
    2010-03-23 10:55 . 2010-03-23 10:55 -------- d-----w- c:\temp\MotoConnectTemp
    2010-03-22 22:54 . 2010-03-22 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-03-22 22:54 . 2009-10-12 15:21 138760 ----a-w- c:\documents and settings\Administrator\RunWizards.exe
    2010-03-22 22:53 . 2010-03-22 22:53 -------- d-----w- c:\documents and settings\Administrator\LocalesU
    2010-03-22 22:53 . 2010-02-22 17:42 99800 ----a-w- c:\documents and settings\Administrator\cabex.dll
    2010-03-20 21:25 . 2010-03-20 21:26 -------- d-----w- c:\documents and settings\Administrator\plugtmp-52
    2010-03-18 10:05 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2010-03-17 18:48 . 2010-03-17 18:48 -------- d-----w- C:\8d113d41ec57f411bf7fbeb77296
    2010-03-17 16:07 . 2010-03-17 16:07 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
    2010-03-17 14:36 . 2010-03-17 14:36 -------- d-----w- c:\program files\XP_Key_Changer
    2010-03-17 09:53 . 2010-03-17 09:53 -------- d-----w- c:\documents and settings\Administrator\{EAAB5FBB-9737-4A6C-A5C0-4B3D76BC932B}
    2010-03-16 21:21 . 2010-03-16 21:21 -------- d-----w- c:\program files\Loaris
    2010-03-16 20:59 . 2010-03-16 20:59 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-03-16 20:50 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-03-16 20:50 . 2009-07-31 10:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-03-16 20:49 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2010-03-16 20:49 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2010-03-16 20:46 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-03-16 20:46 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-03-16 20:46 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-03-16 20:46 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-03-16 20:41 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Administrator\{CD20B98A-59DB-4AC6-A0D3-320C9DE30F71}
    2010-03-16 20:03 . 2010-03-16 20:03 -------- d-----w- c:\documents and settings\Administrator\{A0BFB9A9-14B5-4ECC-A95C-A1E4F73187D5}
    2010-03-16 20:02 . 2010-03-16 20:02 -------- d-----w- c:\documents and settings\Administrator\{F49C43BB-75D0-4254-981A-7BD8DC9B7CB4}
    2010-03-16 19:54 . 2010-03-16 19:54 -------- d-----w- c:\documents and settings\Administrator\{748C82FE-86A8-4EBC-8F2A-E62F02EC1EA4}
    2010-03-16 19:33 . 2010-03-16 19:33 -------- d-----w- c:\documents and settings\Administrator\{3C3EB740-800F-47A4-805E-A0F1FF2DB3A1}
    2010-03-16 19:32 . 2010-03-16 19:32 -------- d-----w- c:\documents and settings\Administrator\{60406820-78A4-4B73-B854-0FD24274B3DD}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{77F02026-2A07-412B-9BC9-31C821E564B9}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{AD7FCDD2-E764-4A32-9EA3-DFB3A0D7F316}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{54B73E95-C0BA-468B-8F17-165FA66899CF}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{EF72E2D7-2A39-4189-8F4E-D7F8A71B1F05}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{40B2F6E0-A451-47D9-8EAC-771513FF197B}
    2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{16C661F1-8928-430A-8521-2C6C022F80FB}
    2010-03-16 15:30 . 2010-03-16 15:30 494 ----a-w- C:\appbckp1.reg
    2010-03-16 15:30 . 2010-03-16 15:30 1234874 ----a-w- C:\appbckp2.reg
    2010-03-16 15:28 . 2010-03-25 22:28 -------- d-----w- c:\program files\%temp%
    2010-03-16 14:10 . 2010-03-16 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AltrixSoft
    2010-03-16 14:09 . 2010-03-25 22:28 -------- d-----w- c:\program files\Hard Drive Inspector
    2010-03-16 14:09 . 2010-03-16 14:09 -------- d-----w- c:\program files\Common Files\AltrixSoft
    2010-03-16 14:09 . 2010-03-16 14:10 -------- d-----w- c:\documents and settings\Administrator\nsp3D1C.tmp
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-14 17:12 . 2010-04-14 17:12 32768 ----atw- c:\documents and settings\LocalService\cch16.tmp
    2010-04-14 17:12 . 2010-04-14 17:12 32768 ----atw- c:\documents and settings\LocalService\cch15.tmp
    2010-04-14 17:09 . 2008-02-26 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-04-14 16:52 . 2008-02-26 13:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\PocoMail
    2010-04-14 13:49 . 2008-12-07 11:45 -------- d-----w- c:\program files\Web Publish
    2010-04-14 12:59 . 2007-07-18 19:05 96384 ------w- c:\windows\system32\drivers\atapi.sys
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA07.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA06.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA01.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA00.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FE.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FD.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FB.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FA.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9F8.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9F7.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9CB.tmp
    2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9CA.tmp
    2010-04-14 12:46 . 2010-04-14 12:46 203 ----a-w- c:\documents and settings\Administrator\~fx9BF.tmp
    2010-04-14 12:46 . 2010-04-14 12:46 127 ----a-w- c:\documents and settings\Administrator\~fx9BE.tmp
    2010-04-14 12:46 . 2010-04-14 12:46 127 ----a-w- c:\documents and settings\Administrator\~fx9BA.tmp
    2010-04-14 12:46 . 2010-04-14 12:46 7705 ----a-w- c:\documents and settings\Administrator\~fx995.tmp
    2010-04-14 12:24 . 2010-04-14 12:24 32768 ----atw- c:\documents and settings\LocalService\cch50B.tmp
    2010-04-14 12:24 . 2010-04-14 12:24 32768 ----atw- c:\documents and settings\LocalService\cch50A.tmp
    2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch274.tmp
    2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch273.tmp
    2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch271.tmp
    2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch270.tmp
    2010-04-14 11:26 . 2008-02-26 13:01 -------- d-----w- c:\program files\FlashFXP
    2010-04-14 09:45 . 2010-04-14 09:45 637798 ----a-w- c:\documents and settings\NetworkService\fla2D.tmp
    2010-04-14 09:40 . 2010-04-14 09:40 98304 ----a-w- c:\windows\system32\drivers\tsk11.tmp
    2010-04-13 23:39 . 2010-04-13 23:39 29614081 ----a-w- c:\documents and settings\Administrator\fla370.tmp
    2010-04-13 23:29 . 2009-01-12 23:52 -------- d-----w- c:\program files\Orbitdownloader
    2010-04-13 20:22 . 2008-10-14 17:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Fuil
    2010-04-13 20:07 . 2008-10-24 11:15 -------- d-----w- c:\program files\eFax Messenger 4.4
    2010-04-13 18:41 . 2009-02-16 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-13 18:37 . 2010-04-13 18:37 311296 ----a-w- c:\documents and settings\Administrator\~DF7E5C.tmp
    2010-04-13 18:36 . 2009-02-16 16:23 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-13 17:35 . 2010-04-13 17:35 311296 ----a-w- c:\documents and settings\Administrator\~DF713C.tmp
    2010-04-13 14:58 . 2010-04-13 19:34 670696 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-04-13 14:58 . 2010-04-13 19:34 833960 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-04-13 12:14 . 2008-04-14 11:24 -------- d-----w- c:\program files\Advanced System Optimizer
    2010-04-13 10:33 . 2010-04-13 10:33 213 ----a-w- c:\documents and settings\Administrator\~fx12.tmp
    2010-04-13 10:33 . 2010-04-13 10:33 127 ----a-w- c:\documents and settings\Administrator\~fx11.tmp
    2010-04-13 10:33 . 2010-04-13 10:33 2407 ----a-w- c:\documents and settings\Administrator\~fx10.tmp
    2010-04-13 09:34 . 2008-02-26 16:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
    2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp947.tmp
    2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp946.tmp
    2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp945.tmp
    2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp944.tmp
    2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp943.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp66.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp65.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp64.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp63.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp62.tmp
    2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp61.tmp
    2010-04-12 19:57 . 2009-09-18 15:44 -------- d-----w- c:\program files\Coupon Printer
    2010-04-12 17:55 . 2010-04-12 17:55 311296 ----a-w- c:\documents and settings\Administrator\~DF57B1.tmp
    2010-04-12 15:59 . 2010-04-12 15:59 65536 ----a-w- c:\documents and settings\Administrator\ima91F3.tmp
    2010-04-12 15:59 . 2010-04-12 15:59 65536 ----a-w- c:\documents and settings\Administrator\ima91F2.tmp
    2010-04-12 14:27 . 2010-04-12 14:27 32768 ----atw- c:\documents and settings\LocalService\cch8989.tmp
    2010-04-12 14:27 . 2010-04-12 14:27 32768 ----atw- c:\documents and settings\LocalService\cch8988.tmp
    2010-04-12 14:03 . 2010-04-12 14:03 798 ----atw- c:\documents and settings\Administrator\AcrC657.tmp
    2010-04-12 14:03 . 2010-04-12 14:03 358 ----a-w- c:\documents and settings\Administrator\AcrC656.tmp
    2010-04-11 18:30 . 2009-03-21 00:11 -------- d-----w- c:\program files\Hide-IP-Browser
    2010-04-11 18:29 . 2008-09-20 08:59 -------- d-----w- c:\program files\EphPod
    2010-04-11 18:28 . 2008-02-26 10:18 -------- d-----w- c:\program files\DAMN NFO Viewer
    2010-04-11 18:15 . 2009-06-16 09:17 -------- d-----w- c:\program files\Audio Mid Recorder
    2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DF.tmp
    2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DE.tmp
    2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DC.tmp
    2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DB.tmp
    2010-04-11 12:54 . 2010-04-11 12:54 32768 ----a-w- c:\documents and settings\Administrator\~DF182B.tmp
    2010-04-11 12:32 . 2009-01-12 23:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
    2010-04-11 10:10 . 2010-04-11 10:10 155 ----a-w- c:\documents and settings\Administrator\qfn53A4.tmp
    2010-04-11 10:10 . 2010-04-11 10:10 155 ----a-w- c:\documents and settings\Administrator\qfn5399.tmp
    2010-04-11 10:10 . 2010-04-11 10:10 156 ----a-w- c:\documents and settings\Administrator\qfn537E.tmp
    2010-04-11 10:10 . 2010-04-11 10:10 156 ----a-w- c:\documents and settings\Administrator\qfn537C.tmp
    2010-04-11 10:09 . 2010-04-11 10:09 581 ----a-w- c:\documents and settings\Administrator\qfn534F.tmp
    2010-04-11 10:09 . 2010-04-11 10:09 122 ----a-w- c:\documents and settings\Administrator\qfn534E.tmp
    2010-04-11 10:09 . 2010-04-11 10:09 127 ----a-w- c:\documents and settings\Administrator\~fx532B.tmp
    2010-04-11 10:09 . 2008-02-26 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-11 10:08 . 2010-04-11 10:08 2293 ----a-w- c:\documents and settings\Administrator\~fx52C3.tmp
    2010-04-11 10:08 . 2010-04-11 10:08 5166 ----a-w- c:\documents and settings\Administrator\~fx52BE.tmp
    2010-04-11 10:07 . 2010-04-11 10:07 371 ----a-w- c:\documents and settings\Administrator\~fx52BC.tmp
    2010-04-11 10:07 . 2010-04-11 10:07 567 ----a-w- c:\documents and settings\Administrator\~fx52B7.tmp
    2010-04-10 15:58 . 2010-04-10 15:58 201 ----a-w- c:\documents and settings\Administrator\1CA9223A.TMP
    2010-04-10 15:06 . 2010-04-10 15:06 358 ----a-w- c:\documents and settings\Administrator\Acr390A.tmp
    2010-04-10 12:48 . 2008-02-26 13:08 -------- d-----w- c:\program files\PocoMail4
    2010-04-09 18:51 . 2010-04-09 18:51 72 ----a-w- c:\documents and settings\Administrator\DFB96C33.TMP
    2010-04-08 14:05 . 2010-03-09 17:29 0 ----a-w- c:\windows\system32\drivers\nStandard.bin
    2010-04-07 17:11 . 2010-04-07 17:11 65536 ----a-w- c:\documents and settings\Administrator\imaD9D.tmp
    2010-04-07 17:11 . 2010-04-07 17:11 65536 ----a-w- c:\documents and settings\Administrator\imaD9C.tmp
    2010-04-05 17:33 . 2010-04-05 19:39 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
    2010-04-05 10:32 . 2010-04-05 10:32 65536 ----a-w- c:\documents and settings\Administrator\ima3AA9.tmp
    2010-04-02 10:53 . 2008-12-07 19:16 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-04-02 10:53 . 2008-12-07 19:16 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-03-29 23:46 . 2009-02-16 16:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2009-02-16 16:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 14:28 . 2008-02-26 10:27 212884256 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-07-09 14:28 . 2008-02-26 10:27 3929888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    .
    ((((((((((((((((((((((((((((( [email protected]_13.49.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-31 15:48 . 2008-03-20 15:41 49152 c:\windows\system32\SysTrayDll.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
    "c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
    "c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
    "c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
    "c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "49153:UDP"= 49153:UDP:UDP49153
    "49154:UDP"= 49154:UDP:UDP49154
    "49155:UDP"= 49155:UDP:UDP49155
    "49156:TCP"= 49156:TCP:TCP49156
    "49158:TCP"= 49158:TCP:TCP49158
    "49159:TCP"= 49159:TCP:TCP49159
    "49152:UDP"= 49152:UDP:UDP49152
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 21:41 33808]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2008 10:44 716272]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [29/03/2010 21:44 7936]
    R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [26/02/2008 21:18 3744]
    R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [26/02/2008 21:18 3904]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [23/08/2009 14:38 91392]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [26/02/2008 09:16 38656]
    R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [25/05/2007 13:48 17792]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 18:46 31760]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 21:59 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/02/2009 17:23 20824]
    S1 07061031;07061031;c:\windows\system32\DRIVERS\07061031.sys --> c:\windows\system32\DRIVERS\07061031.sys [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/02/2009 17:23 303952]
    S3 serusb;Motorola USB Comm Port;c:\windows\system32\drivers\usbser.sys [13/06/2008 11:17 25728]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-04-14 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-31 08:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = go.microsoft.com/fwlink/?LinkId=69157
    uInternet Settings,ProxyOverride = local;*.local
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383985&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.teamtalk.com/football/liverpool/0,16370,1776,00.html
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    FF - user.js: network.proxy.http_port - 0
    FF - user.js: network.proxy.ssl -
    FF - user.js: network.proxy.ssl_port - 0
    FF - user.js: network.proxy.ftp -
    FF - user.js: network.proxy.ftp_port - 0
    FF - user.js: network.proxy.gopher -
    FF - user.js: network.proxy.gopher_port - 0
    FF - user.js: network.proxy.socks_version - 5
    FF - user.js: network.proxy.socks -
    FF - user.js: network.proxy.socks_port - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-14 18:09
    Windows 5.1.2600 Service Pack 3, v.5913 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):2f,dc,c3,19,7b,78,1e,06,97,b3,bc,6b,7e,78,86,ad,eb,63,65,43,4e,
    62,02,ba,e0,8b,73,89,91,bc,12,c3,68,38,96,11,44,e3,76,09,00,00,00,00,00,00,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000007f
    "Therad"=dword:0000000f
    "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
    4b,7b,ad,04,7a,b1,b5,76,9b,27,47,2d,87,8e,50,e4,4d,0f,23,8e,09,53,4f,63,bc,\
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="3FD30FB91373E6FC0D4582EF7868E1B743371C52DA752858C172C647FA6E94DE4AE58A33BC8765FD98EB47C8226891F9449437EE9BC18716F314CCBCA1FAA01364AB59FC23E77B413D2E85C03F1A939AB118998DD5B6BB71FA2A158C5E605532FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933FEBC9E127BECC74CFBEE69B6AEB2806E2530264CAE1364CB3B14A2BF8A8DBE03E0EF8039A5E9687714E80A38672C97CD9A9447CCA07C1E284B276C5B2BA7F5FA1F3F0DF5EE25A5E5972CA5BDACB2EFA5745D77609B82550FB4CBAD1951EDE1A26EFE554A04474EA570202922113074D3B89CA851E0060B9E3B58FC540C5BB678ED7137435D836D36B80E56C21A2CA47AA1441F6EA2095239D38AC4EADB0B3E41F23BE1F1E9B0205D43244101445893801C2BF68B8AB4D4082982444134BF5606836659690C4619A494755342FE07688EC90E9BFCB4D54EF39A448F40005DEE925B61F34499651FD9647847712B2E5E94800CD09E2FD98FAD3A380BD21B6C0E76EAFA601D5BCC0C0D9E8831FBA1E74544C9282B500057FB284FA9F169D71B4D86D46A9B1611E4CE13E3E1F2D1AC75801362C914F19F840D1AD34BD4F4F9B7D9DA71497AD3EBB568078A2946E90C3986BBBBBCCA6DF63D4DFDF5B11470BA3AF34F4A94257E91EE6FC41962B8BE72B8E23BFCAFDFA969825E1418D26855473BF103212C16C21D610F6CCC7AA9CB8620B4557EB6B919C877F3DF510CDB2341753E5C68581FD01B030565953E4F15E2BD300FCEC8122CDE64D6A76C1ECD60BC4B5302C8C0625E8FED245799E0B19E18851CB3ACC2F559E6B462F667AD701144C0C3609CF158236E5FD0AF31F62DF1A78C53D01161C89D1078881C7543C9C35200B528F25F4C5C233A881FE67DF31E098E453824C9BE74FE63CBAB7BC93585D9D5E04C915D5F4A0B04569BFC518834A8EB767F42046262CC4E457C9514626CC0B193866C2503B178665E5EE6354649E3A4FB027E7911ED04B3A12992D3538EDC2A2F51B3D4805CB1B0D5E44ECF58778D62825E1F7BFC22A5B59F1073A35F87FDF6A86EC26D74157052886F8E2BBFDB6E6DC8F49ABC2B8CA49595D66FFDAFF765F589612FD44DADE2625382B8B6D19940B7236D215377BFE9BCE961714545834527EDF140534EF92A1CA86892433754B1D1F63214BC0DD352379ADD183D7151492F892D701711D3DDDA8FAE13876B3767F2416F0757EE622BB3B63A358D5B0D0DD81F6171B17F968723A225661FC0EF76F69098C5E6F10A3B0863A84F43FCE5230F892525975A24A3180F61ED075CAE6B
5C09E34C92426E3AAA57A1224E27900FE334CE23233660260696BDBEA2B4AAC4C5E04B4DE5DAB4D1B66060"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(1720)
    c:\windows\system32\hnetcfg.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\oodag.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Motorola\MotoConnectService\MotoConnect.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-14 18:17:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-14 17:17
    ComboFix2.txt 2010-04-14 14:01
    Pre-Run: 9,552,904,192 bytes free
    Post-Run: 9,516,449,792 bytes free
    - - End Of File - - 4658EB83CC9CB948C55B253A27A91428
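The ComboFix log above carries the lines a responder would triage first: a driver entry whose file the scanner could not read (`[?]`), a service whose name is nothing but digits, Internet Explorer's proxy pointed at 127.0.0.1:8080, and CLSID keys whose ACL denies Everyone. The script below is an added example for this thread, not code from ComboFix, DDS or the poster; it pulls those indicators out of ComboFix/DDS-style lines so they are not lost in a 700-line dump. Its regular expressions are written for the line shapes seen in this thread's "SERVICES / DRIVERS", "Pseudo HJT" and "LOCKED REGISTRY KEYS" sections and may need adjusting for other tool versions. The sample lines are constructed, modelled on the logs here, and every flag is a prompt to verify rather than a verdict: an entry shows `[?]` simply when the file is absent at scan time, as with the SUPERAntiSpyware SASKUTIL driver.

```python
"""Triage of ComboFix / DDS log lines for indicators worth a closer look.

Added example for this thread; not code from ComboFix, DDS or the poster.
Every flag below is a prompt to verify, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the logs posted in this thread (abbreviated).
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-16 20824]
S1 07061031;07061031;c:\windows\system32\drivers\07061031.sys --> c:\windows\system32\drivers\07061031.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3FD30FB9..."
"""

# Line shapes as they appear in the DDS/ComboFix sections of this thread.
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
META_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")          # trailing "[date size]" or "[?]"
PROXY_RE = re.compile(r"^[umd]?Internet Settings,ProxyServer\s*=\s*(?P<target>\S+)", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    kind: str                      # "driver", "proxy" or "locked_key"
    subject: str                   # service name, proxy target or registry key
    reasons: List[str] = field(default_factory=list)

    @property
    def priority(self) -> str:
        # Two independent indicators on one entry go to the top of the list.
        return "high" if len(self.reasons) >= 2 else "review"


def parse_driver(line: str) -> Optional[Dict[str, str]]:
    """Split one 'R0 name;display;path [meta]' line; the '-->' form keeps the first path."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    meta_m = META_RE.search(rest)
    meta = meta_m.group("meta").strip() if meta_m else ""
    path_part = rest[: meta_m.start()].strip() if meta_m else rest.strip()
    path = path_part.split(" --> ")[0].strip()
    return {"start": m.group("start"), "name": m.group("name").strip(), "path": path, "meta": meta}


def triage_driver(entry: Dict[str, str]) -> Optional[Finding]:
    reasons = []
    if entry["meta"] == "?":
        reasons.append("scanner recorded no date/size ([?]): file absent at scan time or hidden from it")
    if re.fullmatch(r"\d{6,}", entry["name"]):
        reasons.append("name is a bare digit string with no vendor hint; check what the file is and who signed it")
    return Finding("driver", entry["name"], reasons) if reasons else None


def triage_proxy(line: str) -> Optional[Finding]:
    m = PROXY_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    host, sep, port = target.rpartition(":")
    if not sep:
        host, port = target, ""
    reasons = ["a browser proxy is configured; confirm the user or an installed product set it"]
    if host.lower() in LOOPBACK:
        reasons.append(f"proxy is a listener on this machine (port {port or '?'}); "
                       "identify the owning process, e.g. netstat -ano")
    return Finding("proxy", target, reasons)


def triage_log(text: str) -> List[Finding]:
    """Walk the log once; a key line followed by '@Denied:' is reported as ACL-locked."""
    findings: List[Finding] = []
    last_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            last_key = km.group("key")
            continue
        if line.startswith("@Denied:") and last_key:
            findings.append(Finding("locked_key", last_key,
                                    [f"ACL denies Everyone ({line}); reset the ACL before the key can be inspected or removed"]))
            last_key = None
            continue
        entry = parse_driver(line)
        if entry:
            f = triage_driver(entry)
            if f:
                findings.append(f)
            continue
        f = triage_proxy(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.priority}] {f.kind}: {f.subject}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full log, the script leaves three concrete follow-ups: name the process bound to the proxy port before the proxy setting is trusted or cleared, establish what the digit-named .sys file is (size, signer, whether it is visible outside the scanner), and note that a key reported with `@Denied: (Full) (Everyone)` will resist ordinary export and deletion until its permissions are reset.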
     
  2. snifferhann

    snifferhann Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    3
    I've just seen a similar problem on this site so have run DDS. Log below:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 19:00:57.71 on 14/04/2010
    Internet Explorer: 6.0.2900.3180 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2617 [GMT 1:00]
    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Documents and Settings\Administrator\Desktop\dds.com
    ============== Pseudo HJT Report ===============
    uStart Page = go.microsoft.com/fwlink/?LinkId=69157
    uInternet Settings,ProxyOverride = local;*.local
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    Notify: klogon - c:\windows\system32\klogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0f2z73s5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383985&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.teamtalk.com/football/liverpool/0,16370,1776,00.html
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    FF - user.js: network.proxy.http_port - 0
    FF - user.js: network.proxy.ssl -
    FF - user.js: network.proxy.ssl_port - 0
    FF - user.js: network.proxy.ftp -
    FF - user.js: network.proxy.ftp_port - 0
    FF - user.js: network.proxy.gopher -
    FF - user.js: network.proxy.gopher_port - 0
    FF - user.js: network.proxy.socks_version - 5
    FF - user.js: network.proxy.socks -
    FF - user.js: network.proxy.socks_port - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    ============= SERVICES / DRIVERS ===============
    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-4-14 3968]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-3-29 7936]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-2 296976]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
    R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2008-2-26 3744]
    R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2008-2-26 3904]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-23 91392]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-2-26 38656]
    R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-5-25 17792]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-16 20824]
    S1 07061031;07061031;c:\windows\system32\drivers\07061031.sys --> c:\windows\system32\drivers\07061031.sys [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-16 303952]
    S3 cpuz132;cpuz132;\??\c:\documents and settings\administrator\cpuz132\cpuz132_x32.sys --> c:\documents and settings\administrator\cpuz132\cpuz132_x32.sys [?]
    S3 serusb;Motorola USB Comm Port;c:\windows\system32\drivers\usbser.sys [2008-6-13 25728]
    =============== Created Last 30 ================
    2010-04-14 18:00:56 0 d-----w- c:\documents and settings\administrator\781.tmp
    2010-04-14 17:41:42 0 d-----w- c:\documents and settings\administrator\WPDNSE
    2010-04-14 14:34:51 0 d-----w- c:\program files\RootQuest
    2010-04-14 13:26:45 0 d-sha-r- C:\cmdcons
    2010-04-14 13:24:18 98816 ----a-w- c:\windows\sed.exe
    2010-04-14 13:24:18 77312 ----a-w- c:\windows\MBR.exe
    2010-04-14 13:24:18 261632 ----a-w- c:\windows\PEV.exe
    2010-04-14 13:24:18 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-14 12:58:50 96384 ----a-w- c:\documents and settings\administrator\bck1.tmp
    2010-04-14 12:46:53 203 ----a-w- c:\documents and settings\administrator\~fx9BF.tmp
    2010-04-14 12:46:52 127 ----a-w- c:\documents and settings\administrator\~fx9BE.tmp
    2010-04-14 12:46:51 127 ----a-w- c:\documents and settings\administrator\~fx9BA.tmp
    2010-04-14 12:46:47 7705 ----a-w- c:\documents and settings\administrator\~fx995.tmp
    2010-04-14 10:59:52 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-04-14 10:56:08 96384 ----a-w- c:\documents and settings\administrator\bckE16.tmp
    2010-04-14 09:44:21 96384 ----a-w- c:\documents and settings\administrator\bck22.tmp
    2010-04-14 09:40:36 98304 ----a-w- c:\windows\system32\drivers\tsk11.tmp
    2010-04-14 09:40:25 96384 ----a-w- c:\documents and settings\administrator\bck10.tmp
    2010-04-14 09:32:50 96384 ----a-w- c:\documents and settings\administrator\bck618.tmp
    2010-04-14 09:32:15 0 d-----w- c:\documents and settings\administrator\Rar$EX00.047
    2010-04-13 23:39:41 29614081 ----a-w- c:\documents and settings\administrator\fla370.tmp
    2010-04-13 21:22:58 13778 ----a-w- C:\exe.dat
    2010-04-13 20:26:39 0 d-----w- c:\program files\Enigma Software Group
    2010-04-13 20:04:16 0 d-----w- c:\documents and settings\administrator\plugtmp-7
    2010-04-13 19:50:41 147456 ----a-w- C:\catchme.exe
    2010-04-13 19:37:01 0 d-----w- c:\docume~1\admini~1\applic~1\QuickScan
    2010-04-13 18:58:48 0 d-----w- c:\documents and settings\administrator\HouseCall
    2010-04-13 18:58:38 0 d-----w- c:\documents and settings\administrator\HCBackup
    2010-04-13 18:37:15 311296 ----a-w- c:\documents and settings\administrator\~DF7E5C.tmp
    2010-04-13 17:35:48 311296 ----a-w- c:\documents and settings\administrator\~DF713C.tmp
    2010-04-13 16:45:28 707348 ----a-w- c:\documents and settings\administrator\IMTE.xml
    2010-04-13 16:45:28 426 ----a-w- c:\documents and settings\administrator\IMTD.xml
    2010-04-13 16:45:28 1994 ----a-w- c:\documents and settings\administrator\IMTC.xml
    2010-04-13 10:33:19 213 ----a-w- c:\documents and settings\administrator\~fx12.tmp
    2010-04-13 10:33:18 127 ----a-w- c:\documents and settings\administrator\~fx11.tmp
    2010-04-13 10:33:13 2407 ----a-w- c:\documents and settings\administrator\~fx10.tmp
    2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp947.tmp
    2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp946.tmp
    2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp945.tmp
    2010-04-12 22:37:57 0 ----a-w- c:\documents and settings\administrator\tmp944.tmp
    2010-04-12 22:37:57 0 ----a-w- c:\documents and settings\administrator\tmp943.tmp
    2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp66.tmp
    2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp65.tmp
    2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp64.tmp
    2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp63.tmp
    2010-04-12 21:01:15 0 ----a-w- c:\documents and settings\administrator\tmp62.tmp
    2010-04-12 21:01:14 0 ----a-w- c:\documents and settings\administrator\tmp61.tmp
    2010-04-12 19:47:26 0 d-----w- c:\documents and settings\administrator\hsperfdata_Administrator
    2010-04-12 17:55:44 311296 ----a-w- c:\documents and settings\administrator\~DF57B1.tmp
    2010-04-12 15:59:57 65536 ----a-w- c:\documents and settings\administrator\ima91F3.tmp
    2010-04-12 15:59:57 65536 ----a-w- c:\documents and settings\administrator\ima91F2.tmp
    2010-04-12 15:55:55 1272663 ----a-r- c:\documents and settings\administrator\Crazy on the Outside disc.rar
    2010-04-12 14:03:51 798 ----atw- c:\documents and settings\administrator\AcrC657.tmp
    2010-04-12 14:03:19 358 ----a-w- c:\documents and settings\administrator\AcrC656.tmp
    2010-04-12 13:46:19 0 d-----w- c:\documents and settings\administrator\plugtmp-4
    2010-04-12 12:21:39 0 d-----w- c:\documents and settings\administrator\hsperfdata_SYSTEM
    2010-04-11 12:54:23 32768 ----a-w- c:\documents and settings\administrator\~DF182B.tmp
    2010-04-11 12:30:41 554064 ----a-w- c:\documents and settings\administrator\LiveUpdate.exe
    2010-04-11 12:30:41 554064 ----a-w- c:\documents and settings\administrator\LiveUpdate.dat
    2010-04-11 12:28:59 0 d-----w- c:\documents and settings\administrator\LiveUpdate
    2010-04-11 10:29:06 0 d-----w- c:\documents and settings\administrator\plugtmp-3
    2010-04-11 10:10:14 155 ----a-w- c:\documents and settings\administrator\qfn53A4.tmp
    2010-04-11 10:10:14 155 ----a-w- c:\documents and settings\administrator\qfn5399.tmp
    2010-04-11 10:10:09 156 ----a-w- c:\documents and settings\administrator\qfn537E.tmp
    2010-04-11 10:10:09 156 ----a-w- c:\documents and settings\administrator\qfn537C.tmp
    2010-04-11 10:09:58 581 ----a-w- c:\documents and settings\administrator\qfn534F.tmp
    2010-04-11 10:09:58 122 ----a-w- c:\documents and settings\administrator\qfn534E.tmp
    2010-04-11 10:09:40 127 ----a-w- c:\documents and settings\administrator\~fx532B.tmp
    2010-04-11 10:09:09 0 d-----w- c:\program files\common files\AnswerWorks 5.0
    2010-04-11 10:09:03 0 d-----w- c:\documents and settings\administrator\bye52C4.tmp
    2010-04-11 10:08:59 2293 ----a-w- c:\documents and settings\administrator\~fx52C3.tmp
    2010-04-11 10:08:15 5166 ----a-w- c:\documents and settings\administrator\~fx52BE.tmp
    2010-04-11 10:07:44 0 d-----w- c:\docume~1\admini~1\applic~1\Intuit
    2010-04-11 10:07:43 371 ----a-w- c:\documents and settings\administrator\~fx52BC.tmp
    2010-04-11 10:07:33 31 ----a-w- c:\windows\QUICKEN.INI
    2010-04-11 10:07:16 567 ----a-w- c:\documents and settings\administrator\~fx52B7.tmp
    2010-04-11 10:07:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
    2010-04-11 00:04:49 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2010-04-10 15:58:39 201 ----a-w- c:\documents and settings\administrator\1CA9223A.TMP
    2010-04-10 15:06:46 358 ----a-w- c:\documents and settings\administrator\Acr390A.tmp
    2010-04-09 18:51:12 72 ----a-w- c:\documents and settings\administrator\DFB96C33.TMP
    2010-04-07 17:11:10 65536 ----a-w- c:\documents and settings\administrator\imaD9D.tmp
    2010-04-07 17:11:10 65536 ----a-w- c:\documents and settings\administrator\imaD9C.tmp
    2010-04-06 11:11:39 74390 ----a-w- c:\documents and settings\administrator\2kdnsygk.bmp
    2010-04-05 10:32:02 65536 ----a-w- c:\documents and settings\administrator\ima3AA9.tmp
    2010-04-04 16:21:33 0 d-----w- c:\program files\STOIK Imaging
    2010-04-04 16:21:02 0 d-----w- c:\documents and settings\administrator\isp19ED.tmp
    2010-04-04 16:19:43 7680 ------w- c:\documents and settings\administrator\SegPlayPCRegisterPatterns.exe
    2010-04-04 16:19:43 7680 ------w- c:\documents and settings\administrator\SegPlayPCDXCheck.exe
    2010-04-04 16:19:43 74448 ------w- c:\documents and settings\administrator\DSETUP.dll
    2010-04-04 16:19:43 6656 ------w- c:\documents and settings\administrator\SegPlayPCInstallCheck.exe
    2010-04-04 16:19:43 626688 ------w- c:\documents and settings\administrator\msvcr80.dll
    2010-04-04 16:19:43 548864 ------w- c:\documents and settings\administrator\msvcp80.dll
    2010-04-04 16:19:43 479232 ------w- c:\documents and settings\administrator\msvcm80.dll
    2010-04-04 16:19:43 1869 ------w- c:\documents and settings\administrator\Microsoft.VC80.CRT.manifest
    2010-04-04 16:19:40 0 d-----w- c:\program files\Segmation
    2010-04-02 10:58:30 0 d-----w- c:\documents and settings\administrator\RarSFX0
    2010-03-30 14:45:19 0 ----a-w- c:\documents and settings\administrator\mmc2B206E82.xml
    2010-03-30 14:31:16 0 ----a-w- c:\documents and settings\administrator\mmc04FB70EC.xml
    2010-03-30 14:29:00 0 ----a-w- c:\documents and settings\administrator\mmc03E8EDF4.xml
    2010-03-30 14:02:38 0 ----a-w- c:\documents and settings\administrator\mmc00F47DD0.xml
    2010-03-30 10:28:00 0 ----a-w- c:\documents and settings\administrator\mmc11DE3390.xml
    2010-03-30 10:10:58 0 ----a-w- c:\documents and settings\administrator\mmc07174260.xml
    2010-03-30 08:55:40 0 d-----w- c:\documents and settings\administrator\plugtmp-2
    2010-03-29 20:44:57 0 d-----w- c:\docume~1\alluse~1\applic~1\FNET
    2010-03-29 20:44:49 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
    2010-03-29 20:44:44 0 d-----w- c:\program files\PcCloneEX
    2010-03-29 13:53:42 0 d-----w- c:\documents and settings\administrator\plugtmp-1
    2010-03-29 13:46:40 28480 ----a-r- c:\documents and settings\administrator\AMPing.exe
    2010-03-28 02:59:10 0 d-----w- c:\docume~1\admini~1\applic~1\Mufe
    2010-03-27 12:47:28 0 d-----w- c:\documents and settings\administrator\plugtmp
    2010-03-25 23:58:54 123 ----a-w- c:\documents and settings\administrator\CFG8056.tmp
    2010-03-25 23:57:28 128536 ----a-w- c:\documents and settings\administrator\DAPREMOVE.EXE
    2010-03-25 00:32:13 65536 ----a-w- c:\documents and settings\administrator\~DFC889.tmp
    2010-03-25 00:31:56 65536 ----a-w- c:\documents and settings\administrator\~DF2BD0.tmp
    2010-03-25 00:31:28 65536 ----a-w- c:\documents and settings\administrator\~DF5C4B.tmp
    2010-03-24 20:52:53 0 d-----w- c:\documents and settings\administrator\OIS
    2010-03-24 15:30:02 0 d-----w- c:\documents and settings\administrator\VBE
    2010-03-23 18:17:17 0 d-----w- c:\documents and settings\administrator\Acrobat Distiller 8
    2010-03-23 15:53:15 3532 ----a-w- C:\drmHeader.bin
    2010-03-23 13:09:09 0 d-----w- c:\program files\Seagate
    2010-03-23 13:04:21 71680 ----a-w- c:\documents and settings\administrator\GLBFD7.tmp
    2010-03-23 10:55:31 0 d-----w- c:\temp\MotoConnectTemp
    2010-03-23 09:44:03 65536 ----a-w- c:\documents and settings\administrator\~DF4243.tmp
    2010-03-22 22:54:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
    2010-03-22 22:54:12 138760 ----a-w- c:\documents and settings\administrator\RunWizards.exe
    2010-03-22 22:53:45 99800 ----a-w- c:\documents and settings\administrator\cabex.dll
    2010-03-22 22:53:45 1748 ----a-w- c:\documents and settings\administrator\dapcleanerie.htm
    2010-03-22 22:53:45 0 d-----w- c:\documents and settings\administrator\LocalesU
    2010-03-22 22:34:39 65536 ----a-w- c:\documents and settings\administrator\~DFDBB7.tmp
    2010-03-22 22:31:16 65536 ----a-w- c:\documents and settings\administrator\~DF7D9A.tmp
    2010-03-22 14:45:10 65536 ----a-w- c:\documents and settings\administrator\~DF4DB1.tmp
    2010-03-22 00:10:54 1192 ----a-w- c:\documents and settings\administrator\Address Labels (902794588844).pdf
    2010-03-20 21:25:25 0 d-----w- c:\documents and settings\administrator\plugtmp-52
    2010-03-19 21:58:52 65536 ----a-w- c:\documents and settings\administrator\ima344E.tmp
    2010-03-18 16:31:27 65536 ----a-w- c:\documents and settings\administrator\~DF8791.tmp
    2010-03-18 16:22:56 65536 ----a-w- c:\documents and settings\administrator\~DF8AB.tmp
    2010-03-18 16:17:34 65536 ----a-w- c:\documents and settings\administrator\ima3365.tmp
    2010-03-18 16:17:34 65536 ----a-w- c:\documents and settings\administrator\ima3364.tmp
    2010-03-18 15:06:16 65536 ----a-w- c:\documents and settings\administrator\~DF530A.tmp
    2010-03-18 10:05:17 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2010-03-18 09:38:20 113 ----a-w- c:\documents and settings\administrator\010ADD2C.TMP
    2010-03-18 08:42:26 977 ----atw- c:\documents and settings\administrator\BCGB.tmp
    2010-03-18 08:42:26 977 ----atw- c:\documents and settings\administrator\BCGA.tmp
    2010-03-18 00:36:16 473 ----a-w- c:\documents and settings\administrator\DLL_{42929F0F-CE14-47AF-9FC7-FF297A603021}.ini
    2010-03-18 00:36:16 0 ----a-w- c:\documents and settings\administrator\is1679.tmp
    2010-03-17 18:48:03 0 d-----w- C:\8d113d41ec57f411bf7fbeb77296
    2010-03-17 18:47:22 0 ----a-w- c:\documents and settings\administrator\~A.tmp
    2010-03-17 14:36:48 36864 ----a-w- c:\windows\system32\MD5.ocx
    2010-03-17 14:36:47 0 d-----w- c:\program files\XP_Key_Changer
    2010-03-17 14:22:18 0 ----a-w- c:\documents and settings\administrator\aax2331.tmp
    2010-03-17 14:15:11 0 ----a-w- c:\documents and settings\administrator\aax22AA.tmp
    2010-03-17 09:53:53 0 d-----w- c:\documents and settings\administrator\{EAAB5FBB-9737-4A6C-A5C0-4B3D76BC932B}
    2010-03-16 21:21:59 0 d-----w- c:\program files\Loaris
    2010-03-16 20:59:32 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-03-16 20:50:27 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2010-03-16 20:50:00 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-03-16 20:49:56 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2010-03-16 20:49:56 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2010-03-16 20:46:34 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-03-16 20:46:10 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-03-16 20:46:09 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-03-16 20:46:09 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-03-16 20:41:02 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-03-16 20:04:01 0 d-----w- c:\documents and settings\administrator\{CD20B98A-59DB-4AC6-A0D3-320C9DE30F71}
    2010-03-16 20:02:48 0 d-----w- c:\documents and settings\administrator\{F49C43BB-75D0-4254-981A-7BD8DC9B7CB4}
    2010-03-16 19:54:32 0 d-----w- c:\documents and settings\administrator\{748C82FE-86A8-4EBC-8F2A-E62F02EC1EA4}
    2010-03-16 19:33:11 0 d-----w- c:\documents and settings\administrator\{3C3EB740-800F-47A4-805E-A0F1FF2DB3A1}
    2010-03-16 19:32:54 0 d-----w- c:\documents and settings\administrator\{60406820-78A4-4B73-B854-0FD24274B3DD}
    2010-03-16 19:31:53 0 d-----w- c:\documents and settings\administrator\{77F02026-2A07-412B-9BC9-31C821E564B9}
    2010-03-16 19:31:45 0 d-----w- c:\documents and settings\administrator\{AD7FCDD2-E764-4A32-9EA3-DFB3A0D7F316}
    2010-03-16 19:31:42 0 d-----w- c:\documents and settings\administrator\{54B73E95-C0BA-468B-8F17-165FA66899CF}
    2010-03-16 19:31:34 0 d-----w- c:\documents and settings\administrator\{EF72E2D7-2A39-4189-8F4E-D7F8A71B1F05}
    2010-03-16 19:31:21 0 d-----w- c:\documents and settings\administrator\{40B2F6E0-A451-47D9-8EAC-771513FF197B}
    2010-03-16 19:31:01 0 d-----w- c:\documents and settings\administrator\{16C661F1-8928-430A-8521-2C6C022F80FB}
    2010-03-16 15:34:33 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-03-16 15:30:12 494 ----a-w- C:\appbckp1.reg
    2010-03-16 15:30:12 1234874 ----a-w- C:\appbckp2.reg
    2010-03-16 15:28:52 0 d-----w- c:\program files\%temp%
    2010-03-16 15:28:52 0 ----a-w- c:\documents and settings\administrator\~5E4C.tmp
    2010-03-16 14:21:39 65536 ----a-w- c:\documents and settings\administrator\~DFBF6A.tmp
    2010-03-16 14:19:41 65536 ----a-w- c:\documents and settings\administrator\~DF8315.tmp
    2010-03-16 14:11:20 65536 ----a-w- c:\documents and settings\administrator\~DFBB9.tmp
    2010-03-16 14:10:07 0 d-----w- c:\docume~1\alluse~1\applic~1\AltrixSoft
    2010-03-16 14:09:42 0 d-----w- c:\program files\Hard Drive Inspector
    2010-03-16 14:09:39 0 d-----w- c:\program files\common files\AltrixSoft
    2010-03-16 14:09:24 0 d-----w- c:\documents and settings\administrator\nsp3D1C.tmp
    2010-03-16 14:01:06 65536 ----a-w- c:\documents and settings\administrator\~DFBC8C.tmp
    2010-03-16 13:40:01 0 d-----w- c:\program files\MUP
    2010-03-16 13:34:48 0 d-----w- c:\program files\Shabestar.net
    2010-03-16 13:34:41 123 ----a-w- c:\documents and settings\administrator\CFG346E.tmp
    2010-03-16 13:34:34 123 ----a-w- c:\documents and settings\administrator\CFG346B.tmp
    ==================== Find3M ====================
    2010-04-14 12:59:47 96384 ------w- c:\windows\system32\drivers\atapi.sys
    2010-04-08 14:05:48 0 ----a-w- c:\windows\system32\drivers\nStandard.bin
    2010-04-02 10:53:39 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-16 21:24:37 9728 ----a-w- c:\documents and settings\administrator\bassmod.dll
    2010-03-02 12:59:10 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-03-02 12:59:10 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-03-02 12:26:43 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
    2010-02-24 08:52:42 880992 ----a-r- c:\documents and settings\administrator\InstallManager_BAB_BAB.exe
    2010-02-22 18:01:49 3319168 ----a-w- c:\documents and settings\administrator\Paint.NET.3.5.3.Update.exe
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(9).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(8).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(7).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(6).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(5).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(4).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(3).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(2).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(11).dll
    2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(10).dll
    2010-02-03 10:16:56 2618377 ----a-w- c:\documents and settings\administrator\idman5188.exe
    2010-01-26 16:50:15 2959376 ----a-w- c:\documents and settings\administrator\dotnetfx35setup.exe
    2007-02-01 18:02:54 313344 ----a-w- c:\program files\hjsplit.exe
    2007-01-15 08:36:30 118784 ----a-w- c:\program files\FixVTS.exe
    2006-06-23 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
    2009-07-09 14:28:23 212884256 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-07-09 14:28:23 3929888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    ============= FINISH: 19:01:51.15 ===============

  3. snifferhann

    snifferhann Thread Starter

    Joined:
    Apr 14, 2010
    Messages:
    3
    GMER log below. Using version 1.0.15. It wouldn't let me change as many options as described in previous threads using the older GMER version; I guessed this was due to the new version.

    Thanks

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-14 23:30:56
    Windows 5.1.2600 Service Pack 3, v.5913
    Running: use.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a289
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0d620
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xF9 0x6C 0xFF 0xE1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x24 0xB9 0x04 0x92 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x87 0xFA 0x3D 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011b107a289 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0013eff0d620 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xF9 0x6C 0xFF 0xE1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x24 0xB9 0x04 0x92 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x87 0xFA 0x3D 0xF5 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 3FD30FB91373E6FC0D4582EF7868E1B743371C52DA752858C172C647FA6E94DE4AE58A33BC8765FD98EB47C8226891F9449437EE9BC18716F314CCBCA1FAA01364AB59FC23E77B413D2E85C03F1A939AB118998DD5B6BB71FA2A158C5E605532FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933FEBC9E127BECC74CFBEE69B6AEB2806E2530264CAE1364CB3B14A2BF8A8DBE03E0EF8039A5E9687714E80A38672C97CD9A9447CCA07C1E284B276C5B2BA7F5FA1F3F0DF5EE25A5E5972CA5BDACB2EFA5745D77609B82550FB4CBAD1951EDE1A26EFE554A04474EA570202922113074D3B89CA851E0060B9E3B58FC540C5BB678ED7137435D836D36B80E56C21A2CA47AA1441F6EA2095239D38AC4EADB0B3E41F23BE1F1E9B0205D43244101445893801C2BF68B8AB4D4082982444134BF5606836659690C4619A494755342FE07688EC90E9BFCB4D54EF39A448F40005DEE925B61F34499651FD9647847712B2E5E94800CD09E2FD98FAD3A380BD21B6C0E76EAFA601D5BCC0C0D9E8831FBA1E74544C9282B500057FB284FA9F169D71B4D86D46A9B1611E4CE13E3E1F2D1AC75801362C914F19F840D1AD34BD4F4F9B7D9DA71497AD3EBB568078A2946E90C3986BBBBBCCA6DF63D4DF
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x2F 0xDC 0xC3 0x19 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@Model 127
    Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@Therad 15
    Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@MData 0xCB 0x9B 0xAD 0xEF ...
    ---- Files - GMER 1.0.15 ----
    File C:\Documents and Settings\LocalService\cch5E2.tmp 0 bytes
    File C:\Documents and Settings\LocalService\cch5E3.tmp 0 bytes
    File C:\TDSSKiller.2.2.8.1_14.04.2010_23.18.11_log.txt 49970 bytes
    ---- EOF - GMER 1.0.15 ----
Short URL to this thread: https://techguy.org/916887