Solved Malware Taking Over

[Resolved] Malware Taking Over

Hey guys,

I have a bad google redirect malware that has been bothering me for a few days on both Chrome and Firefox. Tonight, though, I have something that opens the "Open With" box every single time I open a program. No antivirus/antimalware programs I have are detecting anything. I hope someone can help

Here are my DDS logs (2 separate posts)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sampson at 4:49:12.53 on Sun 04/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.490 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sampson\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [Google Update] "c:\documents and settings\sampson\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sampson\applic~1\mozilla\firefox\profiles\l85e7cm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\sampson\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\sampson\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\sampson\application data\mozilla\firefox\profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\sampson\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sampson\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 MpKsl6c2173a4;MpKsl6c2173a4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a6cf1dc-45a6-4064-a813-f4853e2c318a}\MpKsl6c2173a4.sys [2010-4-11 28880]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\sampson\local settings\application data\crossloop\CrossLoopService.exe [2010-2-22 560792]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
S1 aisggsig;aisggsig;\??\c:\windows\system32\drivers\aisggsig.sys --> c:\windows\system32\drivers\aisggsig.sys [?]
S1 cpoxzgoh;cpoxzgoh;\??\c:\windows\system32\drivers\cpoxzgoh.sys --> c:\windows\system32\drivers\cpoxzgoh.sys [?]
S1 dwttwlcm;dwttwlcm;\??\c:\windows\system32\drivers\dwttwlcm.sys --> c:\windows\system32\drivers\dwttwlcm.sys [?]
S1 keagzpqu;keagzpqu;\??\c:\windows\system32\drivers\keagzpqu.sys --> c:\windows\system32\drivers\keagzpqu.sys [?]
S1 leuaoesr;leuaoesr;\??\c:\windows\system32\drivers\leuaoesr.sys --> c:\windows\system32\drivers\leuaoesr.sys [?]
S1 oewprgpm;oewprgpm;\??\c:\windows\system32\drivers\oewprgpm.sys --> c:\windows\system32\drivers\oewprgpm.sys [?]
S1 vrmxrfzv;vrmxrfzv;\??\c:\windows\system32\drivers\vrmxrfzv.sys --> c:\windows\system32\drivers\vrmxrfzv.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-20 30192]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2009-7-24 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2009-7-24 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2009-2-17 103680]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 uvnc_service;uvnc_service;c:\documents and settings\sampson\local settings\application data\crossloop\winvnc.exe [2010-2-22 1590216]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-09 21:44:15 0 d-sha-r- C:\cmdcons
2010-04-09 21:42:38 98816 ----a-w- c:\windows\sed.exe
2010-04-09 21:42:38 77312 ----a-w- c:\windows\MBR.exe
2010-04-09 21:42:38 161792 ----a-w- c:\windows\SWREG.exe
2010-04-09 16:17:23 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-09 16:17:23 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-09 16:17:16 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-09 16:16:53 50 ----a-w- c:\windows\wininit.ini
2010-04-09 15:44:19 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys4E5EA5B4
2010-04-08 17:36:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-08 17:30:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-08 17:30:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-08 17:30:15 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-08 12:17:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 12:16:55 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 21:01:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-27 01:45:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion

==================== Find3M ====================

2010-04-09 15:53:19 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-03-11 12:38:54 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-01-20 18:25:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-07-24 08:04:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072420090725\index.dat

============= FINISH: 4:51:15.56 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2009 4:06:44 AM
System Uptime: 4/11/2010 4:28:22 AM (0 hours ago)

Motherboard: Acer | |
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 125.956 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP150: 1/10/2010 6:20:24 AM - Microsoft Antimalware Checkpoint
RP151: 1/11/2010 3:00:35 AM - Software Distribution Service 3.0
RP152: 1/11/2010 2:04:46 PM - Software Distribution Service 3.0
RP153: 1/12/2010 3:00:44 AM - Software Distribution Service 3.0
RP154: 1/12/2010 4:49:45 PM - Software Distribution Service 3.0
RP155: 1/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP156: 1/14/2010 3:02:52 AM - System Checkpoint
RP157: 1/14/2010 8:57:51 AM - Software Distribution Service 3.0
RP158: 1/14/2010 6:33:15 PM - Microsoft Antimalware Checkpoint
RP159: 1/16/2010 12:41:08 PM - Software Distribution Service 3.0
RP160: 1/17/2010 1:40:43 PM - System Checkpoint
RP161: 1/18/2010 4:10:37 AM - Microsoft Antimalware Checkpoint
RP162: 1/18/2010 5:07:03 PM - Software Distribution Service 3.0
RP163: 1/19/2010 5:47:32 PM - System Checkpoint
RP164: 1/20/2010 9:08:17 AM - Software Distribution Service 3.0
RP165: 1/20/2010 6:28:59 PM - Microsoft Antimalware Checkpoint
RP166: 1/21/2010 9:08:08 AM - Software Distribution Service 3.0
RP167: 1/22/2010 3:00:18 AM - Software Distribution Service 3.0
RP168: 1/24/2010 8:03:46 PM - Software Distribution Service 3.0
RP169: 1/25/2010 7:58:09 PM - Software Distribution Service 3.0
RP170: 1/26/2010 7:58:13 PM - Software Distribution Service 3.0
RP171: 1/27/2010 7:58:16 PM - Software Distribution Service 3.0
RP172: 1/28/2010 7:58:22 PM - Software Distribution Service 3.0
RP173: 1/29/2010 10:04:02 PM - System Checkpoint
RP174: 1/30/2010 8:49:28 AM - Software Distribution Service 3.0
RP175: 1/31/2010 2:13:50 AM - Software Distribution Service 3.0
RP176: 1/31/2010 5:24:02 PM - Software Distribution Service 3.0
RP177: 2/1/2010 5:24:22 PM - Software Distribution Service 3.0
RP178: 2/2/2010 5:24:18 PM - Software Distribution Service 3.0
RP179: 2/3/2010 5:24:24 PM - Software Distribution Service 3.0
RP180: 2/4/2010 8:02:19 PM - System Checkpoint
RP181: 2/5/2010 11:56:45 AM - Software Distribution Service 3.0
RP182: 2/6/2010 11:56:58 AM - Software Distribution Service 3.0
RP183: 2/7/2010 1:57:34 AM - Software Distribution Service 3.0
RP184: 2/7/2010 11:57:04 AM - Software Distribution Service 3.0
RP185: 2/8/2010 11:57:00 AM - Software Distribution Service 3.0
RP186: 2/9/2010 11:56:29 AM - Software Distribution Service 3.0
RP187: 2/10/2010 11:57:04 AM - Software Distribution Service 3.0
RP188: 2/11/2010 3:00:17 AM - Software Distribution Service 3.0
RP189: 2/12/2010 2:26:28 AM - Software Distribution Service 3.0
RP190: 2/13/2010 2:59:18 AM - System Checkpoint
RP191: 2/14/2010 3:00:22 AM - System Checkpoint
RP192: 2/16/2010 1:08:59 AM - System Checkpoint
RP193: 2/16/2010 5:22:47 PM - Software Distribution Service 3.0
RP194: 2/17/2010 1:01:55 AM - Software Distribution Service 3.0
RP195: 2/17/2010 6:13:19 PM - Microsoft Antimalware Checkpoint
RP196: 2/18/2010 5:04:01 PM - Software Distribution Service 3.0
RP197: 2/19/2010 5:04:04 PM - Software Distribution Service 3.0
RP198: 2/20/2010 5:03:41 PM - Software Distribution Service 3.0
RP199: 2/21/2010 2:23:53 AM - Software Distribution Service 3.0
RP200: 2/21/2010 5:03:50 PM - Software Distribution Service 3.0
RP201: 2/22/2010 11:19:52 AM - Installed LogMeIn
RP202: 2/22/2010 5:04:06 PM - Software Distribution Service 3.0
RP203: 2/23/2010 5:04:10 PM - Software Distribution Service 3.0
RP204: 2/24/2010 3:00:25 AM - Software Distribution Service 3.0
RP205: 2/25/2010 8:05:57 AM - System Checkpoint
RP206: 2/26/2010 8:59:52 AM - System Checkpoint
RP207: 2/28/2010 12:39:32 AM - System Checkpoint
RP208: 3/1/2010 4:28:22 AM - System Checkpoint
RP209: 3/2/2010 1:13:52 AM - Software Distribution Service 3.0
RP210: 3/3/2010 5:01:53 AM - System Checkpoint
RP211: 3/3/2010 12:55:54 PM - Software Distribution Service 3.0
RP212: 3/4/2010 12:55:24 PM - Software Distribution Service 3.0
RP213: 3/5/2010 12:55:31 PM - Software Distribution Service 3.0
RP214: 3/5/2010 3:46:46 PM - Installed BlackBerry Desktop Software 5.0.
RP215: 3/6/2010 1:36:50 PM - Software Distribution Service 3.0
RP216: 3/7/2010 1:35:19 AM - Software Distribution Service 3.0
RP217: 3/7/2010 1:36:45 PM - Software Distribution Service 3.0
RP218: 3/8/2010 1:36:45 PM - Software Distribution Service 3.0
RP219: 3/9/2010 1:37:01 PM - Software Distribution Service 3.0
RP220: 3/10/2010 1:37:18 PM - Software Distribution Service 3.0
RP221: 3/11/2010 3:00:27 AM - Software Distribution Service 3.0
RP222: 3/12/2010 3:11:24 AM - Software Distribution Service 3.0
RP223: 3/13/2010 3:11:20 AM - Software Distribution Service 3.0
RP224: 3/14/2010 7:31:34 AM - System Checkpoint
RP225: 3/14/2010 9:35:32 PM - Software Distribution Service 3.0
RP226: 3/15/2010 3:11:20 AM - Software Distribution Service 3.0
RP227: 3/16/2010 5:50:26 AM - System Checkpoint
RP228: 3/16/2010 5:57:44 AM - Software Distribution Service 3.0
RP229: 3/17/2010 10:58:36 PM - Software Distribution Service 3.0
RP230: 3/18/2010 11:38:34 PM - Software Distribution Service 3.0
RP231: 3/20/2010 1:15:14 AM - System Checkpoint
RP232: 3/20/2010 12:39:55 PM - Software Distribution Service 3.0
RP233: 3/21/2010 1:42:24 AM - Software Distribution Service 3.0
RP234: 3/21/2010 12:40:04 PM - Software Distribution Service 3.0
RP235: 3/22/2010 12:39:59 PM - Software Distribution Service 3.0
RP236: 3/23/2010 2:58:33 PM - Software Distribution Service 3.0
RP237: 3/24/2010 12:40:00 PM - Software Distribution Service 3.0
RP238: 3/25/2010 12:39:45 PM - Software Distribution Service 3.0
RP239: 3/26/2010 12:52:13 PM - System Checkpoint
RP240: 3/27/2010 12:54:40 AM - Software Distribution Service 3.0
RP241: 3/27/2010 2:22:32 PM - Software Distribution Service 3.0
RP242: 3/28/2010 1:49:00 AM - Software Distribution Service 3.0
RP243: 3/29/2010 7:56:46 AM - System Checkpoint
RP244: 3/30/2010 12:55:24 AM - Software Distribution Service 3.0
RP245: 3/31/2010 12:55:26 AM - Software Distribution Service 3.0
RP246: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0
RP247: 4/1/2010 3:34:23 AM - Software Distribution Service 3.0
RP248: 4/2/2010 7:12:45 AM - System Checkpoint
RP249: 4/2/2010 2:05:32 PM - Software Distribution Service 3.0
RP250: 4/3/2010 5:29:24 PM - System Checkpoint
RP251: 4/3/2010 5:40:10 PM - Software Distribution Service 3.0
RP252: 4/4/2010 8:53:14 PM - System Checkpoint
RP253: 4/5/2010 2:01:13 PM - Software Distribution Service 3.0
RP254: 4/6/2010 5:42:14 PM - Software Distribution Service 3.0
RP255: 4/7/2010 1:59:39 PM - Software Distribution Service 3.0
RP256: 4/8/2010 11:55:40 AM - Spyware Doctor: Cleaning Threats
RP257: 4/9/2010 1:28:43 PM - System Checkpoint
RP258: 4/11/2010 4:28:06 AM - Restore Operation

==== Installed Programs ======================


µTorrent
Acer 3G Connection Manager
Acer Crystal Eye webcam
Acer ScreenSaver
Acrobat.com
Actual Keylogger 2.3
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
Bonjour
Carbonite Online Backup Setup
Choice Guard
CrossLoop 2.71
eSobi v2
Free YouTube to MP3 Converter version 3.2
Google Chrome
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Updater
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 16
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Qualcomm Gobi Driver Package
Qualcomm Gobi Images
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== Event Viewer Messages From Past Week ========

4/9/2010 11:52:35 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\mouclass.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
4/9/2010 11:49:38 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:46:57 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:45:56 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mouclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
4/9/2010 11:45:31 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:45:31 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:44:20 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:43:15 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:42:04 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:42:04 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:42:04 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:42:04 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 11:41:31 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: Action: Clean Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1469.0, AS: 1.79.1469.0 Engine Version: 1.1.5605.0
4/9/2010 10:21:45 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/9/2010 10:21:45 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/8/2010 9:24:26 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/8/2010 4:13:43 PM, error: Service Control Manager [7034] - The CrossLoop Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2010 4:13:43 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/8/2010 1:24:31 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
4/7/2010 5:05:23 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/ActualSpy&threatid=14895 User: ACER-E817FAE0D8\Sampson Name: MonitoringTool:Win32/ActualSpy ID: 14895 Severity: Medium Category: Monitoring Software Path: Action: Allow Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.79.1379.0, AS: 1.79.1379.0 Engine Version: 1.1.5605.0
4/5/2010 3:58:48 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.79.1076.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/11/2010 4:14:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:44 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2010 4:14:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/11/2010 4:14:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/11/2010 4:07:27 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

==== End Of File ===========================

 

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

====

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

It will not let me run combofix again, however I ran it yesterday before i posted this and here is what I got:

ComboFix 10-04-08.06 - Sampson 04/09/2010 17:46:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.479 [GMT -4:00]
Running from: c:\documents and settings\Sampson\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
PEV Error: LocalSettingsFile

((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 16:17 . 2010-04-09 16:17 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-09 16:17 . 2010-04-09 16:17 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-09 16:17 . 2010-04-09 16:17 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-09 15:54 . 2010-04-09 15:54 28880 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E6A47E8-FFF8-426F-A009-7C2EDED19234}\MpKslcb734e66.sys
2010-04-08 17:36 . 2010-04-09 14:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-08 17:30 . 2010-04-09 20:57 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-08 17:30 . 2010-04-08 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-08 17:30 . 2010-04-08 17:30 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-08 15:47 . 2010-04-09 15:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-08 15:43 . 2010-04-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-08 12:17 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 12:16 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 21:01 . 2010-04-07 21:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-05 07:58 . 2010-04-05 07:58 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\PCHealth
2010-03-27 18:17 . 2010-03-27 18:25 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\ctrxmt
2010-03-27 01:45 . 2010-03-27 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-11 08:03 . 2010-03-11 08:03 31648712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9D85C76A-1F9E-A22B-971A-80DD87C7B4EF}-MRT.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 15:53 . 2008-04-14 20:00 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-09 15:44 . 2010-04-09 15:44 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys4E5EA5B4
2010-04-08 15:43 . 2009-01-20 19:22 -------- d-----w- c:\program files\Google
2010-04-08 12:17 . 2010-01-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:01 . 2009-08-24 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-04 01:53 . 2009-09-06 12:29 -------- d-----w- c:\program files\AKProg
2010-03-31 07:26 . 2009-08-02 07:15 -------- d-----w- c:\documents and settings\Sampson\Application Data\uTorrent
2010-03-11 12:38 . 2008-10-16 20:38 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 20:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-11 08:06 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 08:05 . 2010-01-09 20:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-08 03:58 . 2010-03-08 03:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-06 05:18 . 2010-03-05 20:50 256 ----a-w- c:\windows\system32\pool.bin
2010-03-05 20:56 . 2010-03-05 20:56 -------- d-----w- c:\documents and settings\Sampson\Application Data\Blackberry Desktop
2010-03-05 20:49 . 2010-03-05 20:49 -------- d-----w- c:\documents and settings\Sampson\Application Data\Research In Motion
2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Research In Motion
2010-02-24 14:16 . 2010-01-09 20:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 16:25 . 2010-02-22 16:25 -------- d-----w- c:\documents and settings\Sampson\Application Data\UltraVNC
2010-02-05 15:39 . 2010-02-05 15:39 251376 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-01-12 21:38 . 2009-07-24 08:07 60592 ----a-w- c:\documents and settings\Sampson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 68856]
"Google Update "= "c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel "= "c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-18 53248]
"LManager "= "c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL "= "c:\windows\PLFSetL.exe" [2007-07-05 94208]
"MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-08 5650240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-09-04 05:46 425984 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP "= 5910:TCP:vnc5910

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [4/9/2010 12:17 PM 30280]
R1 MpKslcb734e66;MpKslcb734e66;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E6A47E8-FFF8-426F-A009-7C2EDED19234}\MpKslcb734e66.sys [4/9/2010 11:54 AM 28880]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [4/9/2010 12:17 PM 53088]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [4/9/2010 12:17 PM 24368]
S1 aisggsig;aisggsig;\??\c:\windows\system32\drivers\aisggsig.sys --> c:\windows\system32\drivers\aisggsig.sys [?]
S1 cpoxzgoh;cpoxzgoh;\??\c:\windows\system32\drivers\cpoxzgoh.sys --> c:\windows\system32\drivers\cpoxzgoh.sys [?]
S1 dwttwlcm;dwttwlcm;\??\c:\windows\system32\drivers\dwttwlcm.sys --> c:\windows\system32\drivers\dwttwlcm.sys [?]
S1 keagzpqu;keagzpqu;\??\c:\windows\system32\drivers\keagzpqu.sys --> c:\windows\system32\drivers\keagzpqu.sys [?]
S1 leuaoesr;leuaoesr;\??\c:\windows\system32\drivers\leuaoesr.sys --> c:\windows\system32\drivers\leuaoesr.sys [?]
S1 oewprgpm;oewprgpm;\??\c:\windows\system32\drivers\oewprgpm.sys --> c:\windows\system32\drivers\oewprgpm.sys [?]
S1 vrmxrfzv;vrmxrfzv;\??\c:\windows\system32\drivers\vrmxrfzv.sys --> c:\windows\system32\drivers\vrmxrfzv.sys [?]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CSISCANNER
*NewlyCreated* - MPKSLCB734E66
*NewlyCreated* - PXKBF
*NewlyCreated* - PXRTS
*NewlyCreated* - PXSCAN
*Deregistered* - CSIScanner
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 15:43]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

2010-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86125AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76ebf28
\Driver\ACPI -> ACPI.sys @ 0xf765ecb8
\Driver\atapi -> atapi.sys @ 0xf7616852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7523bd4
PacketIndicateHandler -> NDIS.sys @ 0xf752fa21
SendHandler -> NDIS.sys @ 0xf7523d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-04-09 18:03:39
ComboFix-quarantined-files.txt 2010-04-09 22:03

Pre-Run: 135,025,762,304 bytes free
Post-Run: 135,443,763,200 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 20B1CD8CD51791159F5D28D2189C9A26

 

Here is my OTL.Txt log:

OTL logfile created on: 4/11/2010 9:13:24 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sampson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 126.09 Gb Free Space | 88.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Sampson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
PRC - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2009/01/20 15:22:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 01:49:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 01:49:24 | 000,000,000 | ---D | M]

[2009/08/01 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Extensions
[2010/04/11 05:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions
[2009/09/03 09:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/07 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv
[2010/04/11 05:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/17 00:41:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/11 09:12:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/09 19:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/09 19:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/09 17:44:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 17:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/09 17:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/09 17:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/09 17:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/09 17:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/09 12:17:23 | 000,053,088 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:16 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/08 13:36:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/08 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/08 11:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 11:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/04/08 08:17:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 08:16:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 19:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/05 03:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\PCHealth
[2010/03/05 16:46:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/07/24 05:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/17 00:35:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/17 00:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/02 15:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 10:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/11 08:27:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
[2010/04/11 04:34:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/11 04:32:59 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/11 04:32:59 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/11 04:32:59 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/11 04:30:03 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/11 04:29:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/11 04:28:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 04:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 04:28:40 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/11 04:23:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2010/04/11 04:23:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2010/04/11 04:23:19 | 001,930,896 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
[2010/04/10 13:27:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:36 | 000,034,478 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:58:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 17:44:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/09 12:17:23 | 000,053,088 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:22 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/09 12:16:53 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 12:13:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
[2010/04/09 11:44:19 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/09 10:34:07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 08:17:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 19:30:37 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
[2010/04/07 18:14:05 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Michael Wills Resume.doc
[2010/04/07 17:01:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 17:01:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/11 04:28:40 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 12:48:46 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,508 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:35 | 000,034,478 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:44:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/09 17:44:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/09 17:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/09 17:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/09 17:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/09 17:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 12:16:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 11:44:19 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 13:30:28 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 11:43:17 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 08:17:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 17:01:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/09 15:48:43 | 000,236,544 | ---- | C] () -- C:\Documents and Settings\Sampson\pev.exe
[2010/01/09 15:48:43 | 000,008,984 | ---- | C] () -- C:\Documents and Settings\Sampson\ncmd.cfxxe
[2010/01/09 15:48:43 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Sampson\rkill.reg
[2009/07/24 04:07:36 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Sampson\ntuser.dat.LOG
[2009/07/24 04:07:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2009/07/24 04:07:35 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2009/07/24 04:06:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/24 04:06:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/02/17 00:42:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
[2009/01/20 19:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 19:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/14 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 16:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 17:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 18:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2009/02/17 00:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/04/08 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/24 04:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/03/26 21:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/10 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/09 11:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 22:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/05 16:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Blackberry Desktop
[2009/07/30 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\eSobi
[2009/07/27 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\InterVideo
[2009/08/04 05:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Panda Security
[2010/03/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Research In Motion
[2010/03/31 03:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
[2010/04/11 04:34:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 16:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/01/20 06:03:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/20 06:03:20 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/20 06:03:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
< End of report >

 

Why did you want to? I did request that you run it once, after all.

There is another part to the OTL scan. Please post it.

==

Run OTL

• Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
  
  
  Code:

  :Files
  [2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
  [2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
  
  :Commands
  [emptytemp]
  [resethosts]
  [Reboot]

• Then click the [color= "#FF0000"]Run Fix[/color] button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

dsafadsfasf
sadfasdfdasfd

 

fsafsdafasd
dfsadfdsafdas

Right back at you .

 

I'm sorry for some reason everytime I tried to post this on the infected laptop it never went through. I am on another computer now:

OTL Extras logfile created on: 4/11/2010 9:13:24 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sampson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 126.09 Gb Free Space | 88.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Sampson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B38A008F-21AA-4478-AE9C-D53976959F6E}" = Qualcomm Gobi Driver Package
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F943FB25-4CC8-4EDD-A498-D6688466AFA7}" = Qualcomm Gobi Images
"{FDCBB7C3-57ED-4A6C-849F-E66026CE918A}" = Acer 3G Connection Manager
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Actual Keylogger_is1" = Actual Keylogger 2.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrossLoop_is1" = CrossLoop 2.71
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2010 8:27:05 AM | Computer Name = ACER-E817FAE0D8 | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 9:27:05 AM | Computer Name = ACER-E817FAE0D8 | Source = Google Update | ID = 20
Description =

Error - 4/7/2010 5:02:32 PM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module 3difr.x3d, version 9.0.0.0, fault address 0x0001d5ff.

Error - 4/7/2010 5:02:49 PM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1001
Description = Fault bucket 1632194818.

Error - 4/7/2010 11:34:04 PM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10b.ocx, version 10.0.22.87, fault address 0x00225c8a.

Error - 4/8/2010 10:08:46 PM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10b.ocx, version 10.0.22.87, fault address 0x000e5ac0.

Error - 4/9/2010 9:52:09 AM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
unknown, version 0.0.0.0, fault address 0xbace7e79.

Error - 4/9/2010 1:58:39 PM | Computer Name = ACER-E817FAE0D8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/9/2010 3:58:41 PM | Computer Name = ACER-E817FAE0D8 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/11/2010 4:04:04 AM | Computer Name = ACER-E817FAE0D8 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

[ System Events ]
Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/11/2010 4:26:48 AM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 4/11/2010 4:29:09 AM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/11/2010 4:29:09 AM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/11/2010 9:13:27 AM | Computer Name = ACER-E817FAE0D8 | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSpypro&threatid=2147620018

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeSpypro ID: 2147620018 Severity: High Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.79.1559.0, AS: 1.79.1559.0 Engine Version: 1.1.5605.0


< End of report >

 

That is the log you originally posted. You need to follow the instructions from my previous post and post the 2 new logs.

 

OTL logfile created on: 4/11/2010 9:13:24 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sampson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 126.09 Gb Free Space | 88.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Sampson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
PRC - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2009/01/20 15:22:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 01:49:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 01:49:24 | 000,000,000 | ---D | M]

[2009/08/01 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Extensions
[2010/04/11 05:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions
[2009/09/03 09:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/07 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv
[2010/04/11 05:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/17 00:41:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/11 09:12:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/09 19:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/09 19:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/09 17:44:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 17:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/09 17:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/09 17:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/09 17:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/09 17:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/09 12:17:23 | 000,053,088 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:16 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/08 13:36:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/08 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/08 11:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 11:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/04/08 08:17:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 08:16:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 19:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/05 03:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\PCHealth
[2010/03/05 16:46:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/07/24 05:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/17 00:35:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/17 00:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/02 15:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 10:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/11 08:27:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
[2010/04/11 04:34:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/11 04:32:59 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/11 04:32:59 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/11 04:32:59 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/11 04:30:03 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/11 04:29:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/11 04:28:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 04:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 04:28:40 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/11 04:23:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2010/04/11 04:23:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2010/04/11 04:23:19 | 001,930,896 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
[2010/04/10 13:27:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:36 | 000,034,478 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:58:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 17:44:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/09 12:17:23 | 000,053,088 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:22 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/09 12:16:53 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 12:13:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
[2010/04/09 11:44:19 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/09 10:34:07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 08:17:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 19:30:37 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
[2010/04/07 18:14:05 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Michael Wills Resume.doc
[2010/04/07 17:01:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 17:01:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/11 04:28:40 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 12:48:46 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,508 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:35 | 000,034,478 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:44:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/09 17:44:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/09 17:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/09 17:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/09 17:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/09 17:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 12:16:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 11:44:19 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 13:30:28 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 11:43:17 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 08:17:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 17:01:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/09 15:48:43 | 000,236,544 | ---- | C] () -- C:\Documents and Settings\Sampson\pev.exe
[2010/01/09 15:48:43 | 000,008,984 | ---- | C] () -- C:\Documents and Settings\Sampson\ncmd.cfxxe
[2010/01/09 15:48:43 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Sampson\rkill.reg
[2009/07/24 04:07:36 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Sampson\ntuser.dat.LOG
[2009/07/24 04:07:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2009/07/24 04:07:35 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2009/07/24 04:06:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/24 04:06:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/02/17 00:42:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
[2009/01/20 19:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 19:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/14 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 16:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 17:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 18:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2009/02/17 00:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/04/08 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/24 04:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/03/26 21:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/10 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/09 11:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 22:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/05 16:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Blackberry Desktop
[2009/07/30 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\eSobi
[2009/07/27 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\InterVideo
[2009/08/04 05:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Panda Security
[2010/03/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Research In Motion
[2010/03/31 03:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
[2010/04/11 04:34:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 16:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 16:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 16:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 16:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2009/01/20 06:03:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/20 06:03:20 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/20 06:03:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
< End of report >

 

That is still the same one. The date & time of the scan is at the head of the log.
When you have completed the steps I gave in post #6 you should have 2 logs to post me. One from the fix and the other from the quick scan.

 

OTL logfile created on: 4/16/2010 12:23:48 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sampson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 125.40 Gb Free Space | 87.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Sampson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
PRC - [2010/03/27 23:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces .exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2009/01/20 15:22:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 01:49:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 01:49:24 | 000,000,000 | ---D | M]

[2009/08/01 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Extensions
[2010/04/14 17:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions
[2009/09/03 09:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/07 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv
[2010/04/14 09:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/14 21:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/12 03:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/11 09:12:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/09 19:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/09 17:44:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 17:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/09 17:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/09 17:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/09 17:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/09 17:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/09 12:17:23 | 000,053,088 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:16 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/08 13:36:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/08 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/08 11:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 11:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/04/08 08:17:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 08:16:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 19:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/05 03:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\PCHealth
[2010/03/05 16:46:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/07/24 05:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/17 00:35:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/17 00:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/02 15:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 10:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/16 00:11:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/16 00:10:10 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/16 00:10:10 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/16 00:10:10 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/16 00:06:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/16 00:05:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 00:05:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 00:05:51 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 00:03:56 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2010/04/16 00:03:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2010/04/16 00:03:47 | 004,300,978 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
[2010/04/15 23:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/15 23:27:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
[2010/04/15 22:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/15 21:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/15 20:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/15 19:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/15 18:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/15 17:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/15 16:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/15 15:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/15 14:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/15 13:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/15 13:27:04 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
[2010/04/15 12:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/15 11:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/15 10:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/15 09:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/15 08:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/15 07:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/15 06:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/15 05:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/15 04:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/15 03:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/15 02:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/15 01:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/15 00:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/14 06:19:30 | 000,001,164 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
[2010/04/14 03:05:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 23:00:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/12 23:00:12 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:36 | 000,034,478 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:58:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 17:44:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/09 12:17:23 | 000,053,088 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:22 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/09 12:16:53 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 12:13:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
[2010/04/09 11:44:19 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:28 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 08:17:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 19:30:37 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
[2010/04/07 18:14:05 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Michael Wills Resume.doc
[2010/04/07 17:01:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 17:01:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Fm8hV5
[2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
[2010/04/14 06:19:29 | 000,185,344 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
[2010/04/12 16:20:53 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/12 16:20:50 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/11 04:28:40 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 12:48:46 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,508 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:35 | 000,034,478 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:44:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/09 17:44:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/09 17:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/09 17:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/09 17:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/09 17:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 12:16:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 11:44:19 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 13:30:28 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 11:43:17 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 08:17:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 17:01:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/09 15:48:43 | 000,236,544 | ---- | C] () -- C:\Documents and Settings\Sampson\pev.exe
[2010/01/09 15:48:43 | 000,008,984 | ---- | C] () -- C:\Documents and Settings\Sampson\ncmd.cfxxe
[2010/01/09 15:48:43 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Sampson\rkill.reg
[2009/07/24 04:07:36 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Sampson\ntuser.dat.LOG
[2009/07/24 04:07:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2009/07/24 04:07:35 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2009/07/24 04:06:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/24 04:06:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/02/17 00:42:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
[2009/01/20 19:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 19:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/14 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 16:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 17:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 18:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2009/02/17 00:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/04/08 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/24 04:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/03/26 21:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/10 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/09 11:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 22:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/05 16:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Blackberry Desktop
[2009/07/30 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\eSobi
[2009/07/27 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\InterVideo
[2009/08/04 05:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Panda Security
[2010/03/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Research In Motion
[2010/04/16 00:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
[2010/04/15 00:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/04/15 09:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/04/15 10:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/04/15 11:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/04/15 12:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/04/15 13:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/04/15 14:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/04/15 15:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/04/15 16:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/04/15 17:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/04/15 18:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/04/15 01:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/04/15 19:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/04/15 20:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/04/15 21:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/04/15 22:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/04/15 23:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/04/15 02:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/15 03:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/04/15 04:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/04/15 05:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/04/15 06:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/04/15 07:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/15 08:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/04/16 00:11:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
< End of report >

 

And the log from doing this? http://www.windowsbbs.com/malware-virus-removal/92413-active-malware-taking-over.html#post510554

 

OTL logfile created on: 4/16/2010 12:36:46 AM - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Sampson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.20 Gb Total Space | 125.43 Gb Free Space | 87.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-E817FAE0D8
Current User Name: Sampson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
PRC - [2010/03/27 23:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces .exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2009/01/20 15:22:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 01:49:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 01:49:24 | 000,000,000 | ---D | M]

[2009/08/01 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Extensions
[2010/04/14 17:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions
[2009/09/03 09:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/07 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv
[2010/04/14 09:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/14 21:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/12 03:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/11 09:12:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/09 19:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/09 17:44:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 17:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/09 17:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/09 17:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/09 17:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/09 17:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/09 12:17:23 | 000,053,088 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:16 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/08 13:36:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/08 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/08 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/08 11:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 11:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/04/08 08:17:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 08:16:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 19:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/05 03:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\PCHealth
[2010/03/05 16:46:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/07/24 05:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/17 00:35:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/17 00:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/04/02 15:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 10:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/16 00:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/16 00:27:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
[2010/04/16 00:11:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/16 00:10:10 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/16 00:10:10 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/16 00:10:10 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/16 00:06:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/16 00:05:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 00:05:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 00:05:51 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 00:03:56 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2010/04/16 00:03:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2010/04/16 00:03:47 | 004,300,978 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
[2010/04/15 23:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/15 22:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/15 21:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/15 20:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/15 19:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/15 18:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/15 17:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/15 16:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/15 15:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/15 14:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/15 13:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/15 13:27:04 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
[2010/04/15 12:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/15 11:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/15 10:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/15 09:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/15 08:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/15 07:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/15 06:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/15 05:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/15 04:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/15 03:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/15 02:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/15 01:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/14 06:19:30 | 000,001,164 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
[2010/04/14 03:05:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 23:00:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/04/12 23:00:12 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/11 09:12:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:36 | 000,034,478 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:58:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 17:44:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/09 12:17:23 | 000,053,088 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/09 12:17:23 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/09 12:17:22 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/09 12:16:53 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 12:13:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
[2010/04/09 11:44:19 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:28 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 08:17:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 19:30:37 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
[2010/04/07 18:14:05 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Michael Wills Resume.doc
[2010/04/07 17:01:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 17:01:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Fm8hV5
[2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
[2010/04/14 06:19:29 | 000,185,344 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
[2010/04/12 16:20:53 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/12 16:20:52 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/12 16:20:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/12 16:20:50 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/11 04:28:40 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 12:48:46 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,508 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
[2010/04/10 07:47:04 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
[2010/04/09 23:20:35 | 000,034,478 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jeff.jpg
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
[2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj
[2010/04/09 17:44:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/09 17:44:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/09 17:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/09 17:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/09 17:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/09 17:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 12:16:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 11:44:19 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
[2010/04/08 13:30:36 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/08 13:30:28 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/08 11:43:17 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 08:17:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 17:01:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/09 15:48:43 | 000,236,544 | ---- | C] () -- C:\Documents and Settings\Sampson\pev.exe
[2010/01/09 15:48:43 | 000,008,984 | ---- | C] () -- C:\Documents and Settings\Sampson\ncmd.cfxxe
[2010/01/09 15:48:43 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Sampson\rkill.reg
[2009/07/24 04:07:36 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Sampson\ntuser.dat.LOG
[2009/07/24 04:07:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sampson\ntuser.ini
[2009/07/24 04:07:35 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
[2009/07/24 04:06:42 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/24 04:06:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/02/17 00:42:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
[2009/01/20 19:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 19:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/14 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 16:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 17:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/05/09 18:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 18:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2009/02/17 00:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/04/08 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/24 04:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/03/26 21:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/10 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/09 11:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 22:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/05 16:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Blackberry Desktop
[2009/07/30 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\eSobi
[2009/07/27 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\InterVideo
[2009/08/04 05:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Panda Security
[2010/03/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Research In Motion
[2010/04/16 00:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
[2010/04/16 00:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/04/15 09:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/04/15 10:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/04/15 11:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/04/15 12:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/04/15 13:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/04/15 14:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/04/15 15:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/04/15 16:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/04/15 17:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/04/15 18:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/04/15 01:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/04/15 19:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/04/15 20:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/04/15 21:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/04/15 22:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/04/15 23:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/04/15 02:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/15 03:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/04/15 04:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/04/15 05:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/04/15 06:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/04/15 07:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/15 08:36:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/04/16 00:11:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< :Files >

< [2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj >
Invalid Switch: 09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj

< [2010/04/09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj >
Invalid Switch: 09 19:30:36 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj


< >

< :Commands >

< [emptytemp] >

< [resethosts] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >

 

When you ran the fix, did you include everything in the code box?
You need to include the : in front of the Files for the fix to work.

Let me know.

 

Hey thanks a lot for this... yes I included everything, even the :

 

• Download Avenger by Swandog and unzip it to your Desktop.
  
  Note: This program must be run from an account with Administrator privileges.
  
  
• Open the Avenger folder and double click Avenger.exe to launch the programme.
• Copy the text in the code box below and Paste it into the Input script here: box.

Code:

Files to delete:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj
C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj

• Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  
  
• Ensure the following:
  • Scan for Rootkits is checked.
  • Automatically disable any rootkits found is Unchecked.
• Press the Execute key.
• Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
• Post the log back here please. (it can also be found at C:\avenger.txt)

=============

Can you move Combofix to the desktop (where I originally requested it be run from) and run it again as per my previous instructions.
Post it's log when done.

 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\NetworkService\Local Settings\Application Data\L8qmQ8G1Kj" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\L8qmQ8G1Kj" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

 

ComboFix 10-04-15.05 - Sampson 04/16/2010 10:49:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.550 [GMT -4:00]
Running from: c:\documents and settings\Sampson\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\ave.exe
c:\windows\PLFSetL .exe

.
((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 14:42 . 2010-04-16 14:42 28880 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41DFD1F1-65AD-45EC-8545-DC6EDCAB87F4}\MpKsl6bf71d01.sys
2010-04-16 14:40 . 2010-04-16 14:40 3911239 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{43B820EB-C7E1-BA8A-A752-341526E9D0AE}-ComboFix.exe
2010-04-16 14:40 . 2010-04-16 14:40 3911239 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{683ED95A-ABBF-EE9D-10B5-281651854DD4}-ComboFix.exe
2010-04-16 14:35 . 2010-04-16 14:35 28880 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41DFD1F1-65AD-45EC-8545-DC6EDCAB87F4}\MpKsl99f20418.sys
2010-04-14 07:04 . 2008-04-14 20:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-13 03:44 . 2010-04-13 03:44 41476 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{FA92E1DB-5140-3ED3-BE0B-7E7EA9361750}-qttask .exe
2010-04-12 20:35 . 2010-04-12 20:35 41476 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{25AAC0DA-1079-78DA-00F3-F8B1FE2B74CD}-dwtrig20.exe
2010-04-12 20:30 . 2010-04-12 20:30 41476 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7A6E8AB2-D246-4461-DC43-B8466BFD85FA}-dwtrig20.exe
2010-04-09 23:30 . 2010-04-12 07:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-09 16:17 . 2010-04-09 16:17 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-09 16:17 . 2010-04-09 16:17 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-09 16:17 . 2010-04-09 16:17 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-08 17:36 . 2010-04-13 03:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-08 17:30 . 2010-04-13 03:00 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-08 17:30 . 2010-04-08 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-08 17:30 . 2010-04-13 03:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-08 15:47 . 2010-04-09 15:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-08 15:43 . 2010-04-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-08 12:17 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 12:16 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 21:01 . 2010-04-07 21:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-05 07:58 . 2010-04-05 07:58 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\PCHealth
2010-03-27 18:17 . 2010-03-27 18:25 -------- d-----w- c:\documents and settings\Sampson\Local Settings\Application Data\ctrxmt
2010-03-27 01:45 . 2010-03-27 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-03-22 20:04 . 2010-03-22 20:04 255472 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 04:05 . 2008-04-14 20:00 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-16 04:03 . 2009-08-02 07:15 -------- d-----w- c:\documents and settings\Sampson\Application Data\uTorrent
2010-04-14 07:13 . 2009-12-26 02:42 -------- d-----w- c:\program files\QuickTime
2010-04-14 07:13 . 2009-01-20 18:43 -------- d-----w- c:\program files\Launch Manager
2010-04-14 07:06 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 20:20 . 2010-01-09 20:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-09 15:44 . 2010-04-09 15:44 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys4E5EA5B4
2010-04-08 15:43 . 2009-01-20 19:22 -------- d-----w- c:\program files\Google
2010-04-08 12:17 . 2010-01-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:01 . 2009-08-24 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-04 01:53 . 2009-09-06 12:29 -------- d-----w- c:\program files\AKProg
2010-03-11 12:38 . 2008-10-16 20:38 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 20:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-05-09 10:53 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 03:58 . 2010-03-08 03:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-06 05:18 . 2010-03-05 20:50 256 ----a-w- c:\windows\system32\pool.bin
2010-03-05 20:56 . 2010-03-05 20:56 -------- d-----w- c:\documents and settings\Sampson\Application Data\Blackberry Desktop
2010-03-05 20:49 . 2010-03-05 20:49 -------- d-----w- c:\documents and settings\Sampson\Application Data\Research In Motion
2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-03-05 20:47 . 2010-03-05 20:47 -------- d-----w- c:\program files\Research In Motion
2010-02-24 14:16 . 2010-01-09 20:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2008-10-24 11:21 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 16:25 . 2010-02-22 16:25 -------- d-----w- c:\documents and settings\Sampson\Application Data\UltraVNC
2010-02-16 14:08 . 2008-08-14 10:09 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-08-14 09:33 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 20:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 20:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

Code:

<pre>
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Hitman Pro 3.5\HitmanPro35 .exe
c:\program files\Launch Manager\QtZgAcer .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Realtek\Audio\Drivers\AzMixerSel .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-04-09_21.58.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 14:34 . 2010-04-16 14:34 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
- 2006-09-07 01:43 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2006-09-07 01:43 . 2007-07-28 03:11 26488 c:\windows\system32\spupdsvc.exe
+ 2009-01-20 20:20 . 2010-04-16 14:38 72134 c:\windows\system32\perfc009.dat
- 2009-01-20 20:20 . 2010-04-09 15:57 72134 c:\windows\system32\perfc009.dat
+ 2008-04-14 20:00 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
- 2009-07-24 08:06 . 2009-01-20 19:23 60592 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-07-24 08:06 . 2010-04-10 11:47 60592 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2008-04-14 20:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
- 2009-01-20 19:19 . 2010-03-11 08:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-20 19:19 . 2010-03-11 08:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-20 19:19 . 2010-03-11 08:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-25 13:18 . 2008-10-25 13:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 13:18 . 2008-10-25 13:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2008-04-14 20:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2009-01-20 20:20 . 2010-04-16 14:38 443034 c:\windows\system32\perfh009.dat
- 2009-01-20 20:20 . 2010-04-09 15:57 443034 c:\windows\system32\perfh009.dat
+ 2008-04-14 20:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 20:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-10-24 11:21 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 20:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-04-12 07:28 . 2010-04-12 07:28 305664 c:\windows\Installer\124706d.msi
- 2009-01-20 19:19 . 2010-03-11 08:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-20 19:19 . 2010-03-11 08:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-20 19:19 . 2010-03-11 08:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-20 19:19 . 2010-03-11 08:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-25 12:52 . 2008-10-25 12:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 12:52 . 2008-10-25 12:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
- 2008-04-14 20:00 . 2009-07-12 16:21 4874240 c:\windows\system32\wmp.dll
+ 2008-04-14 20:00 . 2010-03-19 22:05 4874240 c:\windows\system32\wmp.dll
+ 2008-04-14 20:00 . 2010-03-19 22:05 4874240 c:\windows\system32\dllcache\wmp.dll
- 2008-04-14 20:00 . 2009-07-12 16:21 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2008-08-14 10:11 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:33 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:33 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 10:09 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\6049453.msp
- 2009-01-20 19:19 . 2010-03-11 08:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-20 19:19 . 2010-04-14 07:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-06 09:00 . 2009-03-06 09:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 15:49 . 2008-11-10 15:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 03:16 . 2008-11-25 03:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-07-28 07:35 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
+ 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\6049464.msp
+ 2009-04-03 23:46 . 2009-04-03 23:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 68856]
"Google Update "= "c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"HitmanPro35 "= "c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [N/A]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-09-04 05:46 425984 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
"DisableNotifications "= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP "= 5910:TCP:vnc5910

R1 MpKsl6bf71d01;MpKsl6bf71d01;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41DFD1F1-65AD-45EC-8545-DC6EDCAB87F4}\MpKsl6bf71d01.sys [4/16/2010 10:42 AM 28880]
R1 MpKsl99f20418;MpKsl99f20418;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41DFD1F1-65AD-45EC-8545-DC6EDCAB87F4}\MpKsl99f20418.sys [4/16/2010 10:35 AM 28880]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
S1 adfyiqew;adfyiqew;\??\c:\windows\system32\drivers\adfyiqew.sys --> c:\windows\system32\drivers\adfyiqew.sys [?]
S1 afiwatfs;afiwatfs;\??\c:\windows\system32\drivers\afiwatfs.sys --> c:\windows\system32\drivers\afiwatfs.sys [?]
S1 ailgulld;ailgulld;\??\c:\windows\system32\drivers\ailgulld.sys --> c:\windows\system32\drivers\ailgulld.sys [?]
S1 aisggsig;aisggsig;\??\c:\windows\system32\drivers\aisggsig.sys --> c:\windows\system32\drivers\aisggsig.sys [?]
S1 alruyfvg;alruyfvg;\??\c:\windows\system32\drivers\alruyfvg.sys --> c:\windows\system32\drivers\alruyfvg.sys [?]
S1 apkxbpue;apkxbpue;\??\c:\windows\system32\drivers\apkxbpue.sys --> c:\windows\system32\drivers\apkxbpue.sys [?]
S1 atmmxame;atmmxame;\??\c:\windows\system32\drivers\atmmxame.sys --> c:\windows\system32\drivers\atmmxame.sys [?]
S1 bumfnder;bumfnder;\??\c:\windows\system32\drivers\bumfnder.sys --> c:\windows\system32\drivers\bumfnder.sys [?]
S1 busaarbc;busaarbc;\??\c:\windows\system32\drivers\busaarbc.sys --> c:\windows\system32\drivers\busaarbc.sys [?]
S1 bxydhbzh;bxydhbzh;\??\c:\windows\system32\drivers\bxydhbzh.sys --> c:\windows\system32\drivers\bxydhbzh.sys [?]
S1 cifivddr;cifivddr;\??\c:\windows\system32\drivers\cifivddr.sys --> c:\windows\system32\drivers\cifivddr.sys [?]
S1 cpoxzgoh;cpoxzgoh;\??\c:\windows\system32\drivers\cpoxzgoh.sys --> c:\windows\system32\drivers\cpoxzgoh.sys [?]
S1 cvermjmb;cvermjmb;\??\c:\windows\system32\drivers\cvermjmb.sys --> c:\windows\system32\drivers\cvermjmb.sys [?]
S1 cxiotagl;cxiotagl;\??\c:\windows\system32\drivers\cxiotagl.sys --> c:\windows\system32\drivers\cxiotagl.sys [?]
S1 cyyymcxa;cyyymcxa;\??\c:\windows\system32\drivers\cyyymcxa.sys --> c:\windows\system32\drivers\cyyymcxa.sys [?]
S1 daxohfla;daxohfla;\??\c:\windows\system32\drivers\daxohfla.sys --> c:\windows\system32\drivers\daxohfla.sys [?]
S1 dwttwlcm;dwttwlcm;\??\c:\windows\system32\drivers\dwttwlcm.sys --> c:\windows\system32\drivers\dwttwlcm.sys [?]
S1 eluhfmvh;eluhfmvh;\??\c:\windows\system32\drivers\eluhfmvh.sys --> c:\windows\system32\drivers\eluhfmvh.sys [?]
S1 enrwgrwn;enrwgrwn;\??\c:\windows\system32\drivers\enrwgrwn.sys --> c:\windows\system32\drivers\enrwgrwn.sys [?]
S1 envjojgn;envjojgn;\??\c:\windows\system32\drivers\envjojgn.sys --> c:\windows\system32\drivers\envjojgn.sys [?]
S1 eoypwiud;eoypwiud;\??\c:\windows\system32\drivers\eoypwiud.sys --> c:\windows\system32\drivers\eoypwiud.sys [?]
S1 excptvku;excptvku;\??\c:\windows\system32\drivers\excptvku.sys --> c:\windows\system32\drivers\excptvku.sys [?]
S1 fneemrct;fneemrct;\??\c:\windows\system32\drivers\fneemrct.sys --> c:\windows\system32\drivers\fneemrct.sys [?]
S1 fyzzajvd;fyzzajvd;\??\c:\windows\system32\drivers\fyzzajvd.sys --> c:\windows\system32\drivers\fyzzajvd.sys [?]
S1 gcgtyqnz;gcgtyqnz;\??\c:\windows\system32\drivers\gcgtyqnz.sys --> c:\windows\system32\drivers\gcgtyqnz.sys [?]
S1 glgrkqgo;glgrkqgo;\??\c:\windows\system32\drivers\glgrkqgo.sys --> c:\windows\system32\drivers\glgrkqgo.sys [?]
S1 gxkhluqx;gxkhluqx;\??\c:\windows\system32\drivers\gxkhluqx.sys --> c:\windows\system32\drivers\gxkhluqx.sys [?]
S1 hcmqfbkr;hcmqfbkr;\??\c:\windows\system32\drivers\hcmqfbkr.sys --> c:\windows\system32\drivers\hcmqfbkr.sys [?]
S1 hemwhtco;hemwhtco;\??\c:\windows\system32\drivers\hemwhtco.sys --> c:\windows\system32\drivers\hemwhtco.sys [?]
S1 hnflobwb;hnflobwb;\??\c:\windows\system32\drivers\hnflobwb.sys --> c:\windows\system32\drivers\hnflobwb.sys [?]
S1 hsdzegox;hsdzegox;\??\c:\windows\system32\drivers\hsdzegox.sys --> c:\windows\system32\drivers\hsdzegox.sys [?]
S1 htiattnr;htiattnr;\??\c:\windows\system32\drivers\htiattnr.sys --> c:\windows\system32\drivers\htiattnr.sys [?]
S1 htiffrkc;htiffrkc;\??\c:\windows\system32\drivers\htiffrkc.sys --> c:\windows\system32\drivers\htiffrkc.sys [?]
S1 iemmvdae;iemmvdae;\??\c:\windows\system32\drivers\iemmvdae.sys --> c:\windows\system32\drivers\iemmvdae.sys [?]
S1 iigpwxuz;iigpwxuz;\??\c:\windows\system32\drivers\iigpwxuz.sys --> c:\windows\system32\drivers\iigpwxuz.sys [?]
S1 ivmxxizo;ivmxxizo;\??\c:\windows\system32\drivers\ivmxxizo.sys --> c:\windows\system32\drivers\ivmxxizo.sys [?]
S1 jigqmujs;jigqmujs;\??\c:\windows\system32\drivers\jigqmujs.sys --> c:\windows\system32\drivers\jigqmujs.sys [?]
S1 jkxixymb;jkxixymb;\??\c:\windows\system32\drivers\jkxixymb.sys --> c:\windows\system32\drivers\jkxixymb.sys [?]
S1 jodvzvic;jodvzvic;\??\c:\windows\system32\drivers\jodvzvic.sys --> c:\windows\system32\drivers\jodvzvic.sys [?]
S1 jrsbflhy;jrsbflhy;\??\c:\windows\system32\drivers\jrsbflhy.sys --> c:\windows\system32\drivers\jrsbflhy.sys [?]
S1 jwjstrcn;jwjstrcn;\??\c:\windows\system32\drivers\jwjstrcn.sys --> c:\windows\system32\drivers\jwjstrcn.sys [?]
S1 jyaajtlb;jyaajtlb;\??\c:\windows\system32\drivers\jyaajtlb.sys --> c:\windows\system32\drivers\jyaajtlb.sys [?]
S1 kcknzwpd;kcknzwpd;\??\c:\windows\system32\drivers\kcknzwpd.sys --> c:\windows\system32\drivers\kcknzwpd.sys [?]
S1 kdhzzjrp;kdhzzjrp;\??\c:\windows\system32\drivers\kdhzzjrp.sys --> c:\windows\system32\drivers\kdhzzjrp.sys [?]
S1 keagzpqu;keagzpqu;\??\c:\windows\system32\drivers\keagzpqu.sys --> c:\windows\system32\drivers\keagzpqu.sys [?]
S1 kjzewzjg;kjzewzjg;\??\c:\windows\system32\drivers\kjzewzjg.sys --> c:\windows\system32\drivers\kjzewzjg.sys [?]
S1 klikbyhe;klikbyhe;\??\c:\windows\system32\drivers\klikbyhe.sys --> c:\windows\system32\drivers\klikbyhe.sys [?]
S1 kqqjhrxt;kqqjhrxt;\??\c:\windows\system32\drivers\kqqjhrxt.sys --> c:\windows\system32\drivers\kqqjhrxt.sys [?]
S1 ldmhzbfv;ldmhzbfv;\??\c:\windows\system32\drivers\ldmhzbfv.sys --> c:\windows\system32\drivers\ldmhzbfv.sys [?]
S1 leuaoesr;leuaoesr;\??\c:\windows\system32\drivers\leuaoesr.sys --> c:\windows\system32\drivers\leuaoesr.sys [?]
S1 lgpeogpg;lgpeogpg;\??\c:\windows\system32\drivers\lgpeogpg.sys --> c:\windows\system32\drivers\lgpeogpg.sys [?]
S1 lnbhhpva;lnbhhpva;\??\c:\windows\system32\drivers\lnbhhpva.sys --> c:\windows\system32\drivers\lnbhhpva.sys [?]
S1 lnemnyam;lnemnyam;\??\c:\windows\system32\drivers\lnemnyam.sys --> c:\windows\system32\drivers\lnemnyam.sys [?]
S1 lnlshdlv;lnlshdlv;\??\c:\windows\system32\drivers\lnlshdlv.sys --> c:\windows\system32\drivers\lnlshdlv.sys [?]
S1 lotqaikm;lotqaikm;\??\c:\windows\system32\drivers\lotqaikm.sys --> c:\windows\system32\drivers\lotqaikm.sys [?]
S1 lsadewkd;lsadewkd;\??\c:\windows\system32\drivers\lsadewkd.sys --> c:\windows\system32\drivers\lsadewkd.sys [?]
S1 mdosmnaq;mdosmnaq;\??\c:\windows\system32\drivers\mdosmnaq.sys --> c:\windows\system32\drivers\mdosmnaq.sys [?]
S1 mkbxtgce;mkbxtgce;\??\c:\windows\system32\drivers\mkbxtgce.sys --> c:\windows\system32\drivers\mkbxtgce.sys [?]
S1 mkjkywdx;mkjkywdx;\??\c:\windows\system32\drivers\mkjkywdx.sys --> c:\windows\system32\drivers\mkjkywdx.sys [?]
S1 mpbptoxg;mpbptoxg;\??\c:\windows\system32\drivers\mpbptoxg.sys --> c:\windows\system32\drivers\mpbptoxg.sys [?]
S1 mxghughy;mxghughy;\??\c:\windows\system32\drivers\mxghughy.sys --> c:\windows\system32\drivers\mxghughy.sys [?]
S1 nlanccde;nlanccde;\??\c:\windows\system32\drivers\nlanccde.sys --> c:\windows\system32\drivers\nlanccde.sys [?]
S1 npmyxkah;npmyxkah;\??\c:\windows\system32\drivers\npmyxkah.sys --> c:\windows\system32\drivers\npmyxkah.sys [?]
S1 octroxqf;octroxqf;\??\c:\windows\system32\drivers\octroxqf.sys --> c:\windows\system32\drivers\octroxqf.sys [?]
S1 oewprgpm;oewprgpm;\??\c:\windows\system32\drivers\oewprgpm.sys --> c:\windows\system32\drivers\oewprgpm.sys [?]
S1 ofepepqd;ofepepqd;\??\c:\windows\system32\drivers\ofepepqd.sys --> c:\windows\system32\drivers\ofepepqd.sys [?]
S1 pioikkst;pioikkst;\??\c:\windows\system32\drivers\pioikkst.sys --> c:\windows\system32\drivers\pioikkst.sys [?]
S1 pjgooijz;pjgooijz;\??\c:\windows\system32\drivers\pjgooijz.sys --> c:\windows\system32\drivers\pjgooijz.sys [?]
S1 plucvslj;plucvslj;\??\c:\windows\system32\drivers\plucvslj.sys --> c:\windows\system32\drivers\plucvslj.sys [?]
S1 ppefzsvk;ppefzsvk;\??\c:\windows\system32\drivers\ppefzsvk.sys --> c:\windows\system32\drivers\ppefzsvk.sys [?]
S1 ppvopmjx;ppvopmjx;\??\c:\windows\system32\drivers\ppvopmjx.sys --> c:\windows\system32\drivers\ppvopmjx.sys [?]
S1 pseexmir;pseexmir;\??\c:\windows\system32\drivers\pseexmir.sys --> c:\windows\system32\drivers\pseexmir.sys [?]
S1 qfohcaif;qfohcaif;\??\c:\windows\system32\drivers\qfohcaif.sys --> c:\windows\system32\drivers\qfohcaif.sys [?]
S1 qgtuwpbk;qgtuwpbk;\??\c:\windows\system32\drivers\qgtuwpbk.sys --> c:\windows\system32\drivers\qgtuwpbk.sys [?]
S1 qtfqfaua;qtfqfaua;\??\c:\windows\system32\drivers\qtfqfaua.sys --> c:\windows\system32\drivers\qtfqfaua.sys [?]
S1 rkxiudjf;rkxiudjf;\??\c:\windows\system32\drivers\rkxiudjf.sys --> c:\windows\system32\drivers\rkxiudjf.sys [?]
S1 sgpszqvc;sgpszqvc;\??\c:\windows\system32\drivers\sgpszqvc.sys --> c:\windows\system32\drivers\sgpszqvc.sys [?]
S1 svfexkuk;svfexkuk;\??\c:\windows\system32\drivers\svfexkuk.sys --> c:\windows\system32\drivers\svfexkuk.sys [?]
S1 tbwvivmo;tbwvivmo;\??\c:\windows\system32\drivers\tbwvivmo.sys --> c:\windows\system32\drivers\tbwvivmo.sys [?]
S1 tcjsouln;tcjsouln;\??\c:\windows\system32\drivers\tcjsouln.sys --> c:\windows\system32\drivers\tcjsouln.sys [?]
S1 tcxftcir;tcxftcir;\??\c:\windows\system32\drivers\tcxftcir.sys --> c:\windows\system32\drivers\tcxftcir.sys [?]
S1 teoblrbl;teoblrbl;\??\c:\windows\system32\drivers\teoblrbl.sys --> c:\windows\system32\drivers\teoblrbl.sys [?]
S1 tfttfuvx;tfttfuvx;\??\c:\windows\system32\drivers\tfttfuvx.sys --> c:\windows\system32\drivers\tfttfuvx.sys [?]
S1 tidfpoko;tidfpoko;\??\c:\windows\system32\drivers\tidfpoko.sys --> c:\windows\system32\drivers\tidfpoko.sys [?]
S1 toqfbdod;toqfbdod;\??\c:\windows\system32\drivers\toqfbdod.sys --> c:\windows\system32\drivers\toqfbdod.sys [?]
S1 tutpypmd;tutpypmd;\??\c:\windows\system32\drivers\tutpypmd.sys --> c:\windows\system32\drivers\tutpypmd.sys [?]
S1 uajvtaov;uajvtaov;\??\c:\windows\system32\drivers\uajvtaov.sys --> c:\windows\system32\drivers\uajvtaov.sys [?]
S1 uqabyyyb;uqabyyyb;\??\c:\windows\system32\drivers\uqabyyyb.sys --> c:\windows\system32\drivers\uqabyyyb.sys [?]
S1 uxmsljlj;uxmsljlj;\??\c:\windows\system32\drivers\uxmsljlj.sys --> c:\windows\system32\drivers\uxmsljlj.sys [?]
S1 vbetfiky;vbetfiky;\??\c:\windows\system32\drivers\vbetfiky.sys --> c:\windows\system32\drivers\vbetfiky.sys [?]
S1 vczqsput;vczqsput;\??\c:\windows\system32\drivers\vczqsput.sys --> c:\windows\system32\drivers\vczqsput.sys [?]
S1 vdsyuxmu;vdsyuxmu;\??\c:\windows\system32\drivers\vdsyuxmu.sys --> c:\windows\system32\drivers\vdsyuxmu.sys [?]
S1 vfseajww;vfseajww;\??\c:\windows\system32\drivers\vfseajww.sys --> c:\windows\system32\drivers\vfseajww.sys [?]
S1 vrmxrfzv;vrmxrfzv;\??\c:\windows\system32\drivers\vrmxrfzv.sys --> c:\windows\system32\drivers\vrmxrfzv.sys [?]
S1 vrnrdnbt;vrnrdnbt;\??\c:\windows\system32\drivers\vrnrdnbt.sys --> c:\windows\system32\drivers\vrnrdnbt.sys [?]
S1 vspqeuet;vspqeuet;\??\c:\windows\system32\drivers\vspqeuet.sys --> c:\windows\system32\drivers\vspqeuet.sys [?]
S1 wbcksbzu;wbcksbzu;\??\c:\windows\system32\drivers\wbcksbzu.sys --> c:\windows\system32\drivers\wbcksbzu.sys [?]
S1 weeqjijd;weeqjijd;\??\c:\windows\system32\drivers\weeqjijd.sys --> c:\windows\system32\drivers\weeqjijd.sys [?]
S1 wgppprhv;wgppprhv;\??\c:\windows\system32\drivers\wgppprhv.sys --> c:\windows\system32\drivers\wgppprhv.sys [?]
S1 wjjinjiw;wjjinjiw;\??\c:\windows\system32\drivers\wjjinjiw.sys --> c:\windows\system32\drivers\wjjinjiw.sys [?]
S1 wkaoilby;wkaoilby;\??\c:\windows\system32\drivers\wkaoilby.sys --> c:\windows\system32\drivers\wkaoilby.sys [?]
S1 wvcrotwx;wvcrotwx;\??\c:\windows\system32\drivers\wvcrotwx.sys --> c:\windows\system32\drivers\wvcrotwx.sys [?]
S1 xdtmlija;xdtmlija;\??\c:\windows\system32\drivers\xdtmlija.sys --> c:\windows\system32\drivers\xdtmlija.sys [?]
S1 xhlsrnsk;xhlsrnsk;\??\c:\windows\system32\drivers\xhlsrnsk.sys --> c:\windows\system32\drivers\xhlsrnsk.sys [?]
S1 xkjwarsp;xkjwarsp;\??\c:\windows\system32\drivers\xkjwarsp.sys --> c:\windows\system32\drivers\xkjwarsp.sys [?]
S1 xmaiqrfy;xmaiqrfy;\??\c:\windows\system32\drivers\xmaiqrfy.sys --> c:\windows\system32\drivers\xmaiqrfy.sys [?]
S1 xqljlier;xqljlier;\??\c:\windows\system32\drivers\xqljlier.sys --> c:\windows\system32\drivers\xqljlier.sys [?]
S1 xumzmlmm;xumzmlmm;\??\c:\windows\system32\drivers\xumzmlmm.sys --> c:\windows\system32\drivers\xumzmlmm.sys [?]
S1 xvrqezgj;xvrqezgj;\??\c:\windows\system32\drivers\xvrqezgj.sys --> c:\windows\system32\drivers\xvrqezgj.sys [?]
S1 xvtsyrth;xvtsyrth;\??\c:\windows\system32\drivers\xvtsyrth.sys --> c:\windows\system32\drivers\xvtsyrth.sys [?]
S1 xwcdgmtg;xwcdgmtg;\??\c:\windows\system32\drivers\xwcdgmtg.sys --> c:\windows\system32\drivers\xwcdgmtg.sys [?]
S1 xxrjdfft;xxrjdfft;\??\c:\windows\system32\drivers\xxrjdfft.sys --> c:\windows\system32\drivers\xxrjdfft.sys [?]
S1 zazgskap;zazgskap;\??\c:\windows\system32\drivers\zazgskap.sys --> c:\windows\system32\drivers\zazgskap.sys [?]
S1 zdcxqdaw;zdcxqdaw;\??\c:\windows\system32\drivers\zdcxqdaw.sys --> c:\windows\system32\drivers\zdcxqdaw.sys [?]
S1 zgunwcaw;zgunwcaw;\??\c:\windows\system32\drivers\zgunwcaw.sys --> c:\windows\system32\drivers\zgunwcaw.sys [?]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/8/2010 1:30 PM 15944]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL6BF71D01
*NewlyCreated* - MPKSL99F20418
.
Contents of the 'Scheduled Tasks' folder

2010-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 15:43]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

2010-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 11:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86954AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf753bf28
\Driver\ACPI -> ACPI.sys @ 0xf749ecb8
\Driver\atapi -> atapi.sys @ 0xf7456852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
SecurityProcedure -> ntoskrnl.exe @ 0x805df529
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
SecurityProcedure -> ntoskrnl.exe @ 0x805df529
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7363bd4
PacketIndicateHandler -> NDIS.sys @ 0xf736fa21
SendHandler -> NDIS.sys @ 0xf7363d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-16 11:07:06
ComboFix-quarantined-files.txt 2010-04-16 15:06
ComboFix2.txt 2010-04-09 22:03

Pre-Run: 134,995,714,048 bytes free
Post-Run: 135,054,753,792 bytes free

- - End Of File - - B2D8636EB919A599297BBA832C2162DA