
[Inactive] Google Redirect and Audio/Internet Connection randomly Stopping

Discussion in 'Malware and Virus Removal Archive' started by wealthymike, 2010/09/25.

  1. 2010/09/25, wealthymike (thread starter):

    I'd appreciate any help I can get. Thank you! Here are my DDS logs:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Sampson at 11:52:08.14 on Sat 09/25/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.512 [GMT -4:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AKProg\AKProg.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\QUALCOMM\QDLService\QDLService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Sampson\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mExplorerRun: [application] c:\program files\akprog\AKProg.exe hs
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\sampson\applic~1\mozilla\firefox\profiles\l85e7cm8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\sampson\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\sampson\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\sampson\application data\mozilla\firefox\profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
    FF - plugin: c:\documents and settings\sampson\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\sampson\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\sampson\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
    R2 CrossLoopService;CrossLoop Service;c:\documents and settings\sampson\local settings\application data\crossloop\CrossLoopService.exe [2010-2-22 560792]
    R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 135664]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-20 30192]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-4-8 16968]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-8 38224]
    S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2009-7-24 5248]
    S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2009-7-24 115200]
    S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2009-2-17 103680]
    S3 uvnc_service;uvnc_service;c:\documents and settings\sampson\local settings\application data\crossloop\winvnc.exe [2010-2-22 1590216]

    =============== Created Last 30 ================

    2010-09-17 17:26:16 0 d-sh--w- c:\program files\AKProg
    2010-09-17 17:25:04 788 --sh--w- c:\windows\system\actualspystart.lnk
    2010-09-16 07:23:35 0 d-----w- c:\windows\system32\MpEngineStore
    2010-09-16 07:05:07 175 ----a-w- c:\windows\system32\MRT.INI
    2010-09-13 03:33:46 0 d-s---w- C:\ComboFix

    ==================== Find3M ====================

    2010-09-05 07:53:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2009-01-20 18:25:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2009-07-24 08:04:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072420090725\index.dat

    ============= FINISH: 11:53:58.48 ===============
     
  2. 2010/09/25, wealthymike (thread starter):
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/24/2009 4:06:44 AM
    System Uptime: 9/25/2010 11:48:54 AM (0 hours ago)

    Motherboard: Acer | |
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 143 GiB total, 115.445 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP342: 6/27/2010 3:35:14 PM - Software Distribution Service 3.0
    RP343: 6/28/2010 3:35:38 PM - Software Distribution Service 3.0
    RP344: 6/29/2010 7:18:13 AM - Software Distribution Service 3.0
    RP345: 6/29/2010 9:28:15 PM - Software Distribution Service 3.0
    RP346: 6/30/2010 10:45:20 PM - Software Distribution Service 3.0
    RP347: 7/2/2010 12:36:15 AM - System Checkpoint
    RP348: 7/2/2010 4:05:26 AM - Software Distribution Service 3.0
    RP349: 7/3/2010 4:45:56 AM - System Checkpoint
    RP350: 7/3/2010 7:23:00 AM - Software Distribution Service 3.0
    RP351: 7/4/2010 1:44:35 AM - Software Distribution Service 3.0
    RP352: 7/5/2010 4:55:26 AM - System Checkpoint
    RP353: 7/5/2010 7:25:30 AM - Software Distribution Service 3.0
    RP354: 7/6/2010 11:53:19 AM - System Checkpoint
    RP355: 7/7/2010 3:24:06 PM - System Checkpoint
    RP356: 7/8/2010 2:43:50 PM - Software Distribution Service 3.0
    RP357: 7/9/2010 2:30:26 PM - Software Distribution Service 3.0
    RP358: 7/10/2010 2:30:26 PM - Software Distribution Service 3.0
    RP359: 7/11/2010 2:19:43 AM - Software Distribution Service 3.0
    RP360: 7/11/2010 2:29:57 PM - Software Distribution Service 3.0
    RP361: 7/12/2010 2:30:26 PM - Software Distribution Service 3.0
    RP362: 7/13/2010 3:12:42 PM - Software Distribution Service 3.0
    RP363: 7/14/2010 3:00:18 AM - Software Distribution Service 3.0
    RP364: 7/15/2010 8:20:23 AM - Software Distribution Service 3.0
    RP365: 7/15/2010 10:42:43 PM - Installed Windows Media Player 11
    RP366: 7/15/2010 10:43:42 PM - Software Distribution Service 3.0
    RP367: 7/16/2010 7:23:46 AM - Software Distribution Service 3.0
    RP368: 7/17/2010 3:00:26 AM - Software Distribution Service 3.0
    RP369: 7/17/2010 10:38:10 PM - Software Distribution Service 3.0
    RP370: 7/19/2010 3:29:16 AM - Software Distribution Service 3.0
    RP371: 7/20/2010 9:28:13 AM - Software Distribution Service 3.0
    RP372: 7/21/2010 12:17:08 PM - System Checkpoint
    RP373: 7/21/2010 1:09:48 PM - Software Distribution Service 3.0
    RP374: 7/22/2010 3:42:03 PM - System Checkpoint
    RP375: 7/23/2010 4:40:14 AM - Software Distribution Service 3.0
    RP376: 7/24/2010 8:33:34 AM - System Checkpoint
    RP377: 7/24/2010 11:29:35 AM - Software Distribution Service 3.0
    RP378: 7/25/2010 5:52:51 PM - Software Distribution Service 3.0
    RP379: 7/26/2010 10:37:00 PM - System Checkpoint
    RP380: 7/27/2010 11:30:06 AM - Software Distribution Service 3.0
    RP381: 7/28/2010 6:17:34 PM - System Checkpoint
    RP382: 7/29/2010 3:09:20 PM - Software Distribution Service 3.0
    RP383: 7/30/2010 11:29:46 AM - Software Distribution Service 3.0
    RP384: 7/31/2010 3:58:48 PM - System Checkpoint
    RP385: 7/31/2010 5:36:27 PM - Software Distribution Service 3.0
    RP386: 8/1/2010 2:11:36 AM - Software Distribution Service 3.0
    RP387: 8/2/2010 2:45:03 AM - Software Distribution Service 3.0
    RP388: 8/2/2010 11:30:16 AM - Software Distribution Service 3.0
    RP389: 8/3/2010 3:00:22 AM - Software Distribution Service 3.0
    RP390: 8/4/2010 1:32:28 AM - Software Distribution Service 3.0
    RP391: 8/5/2010 6:02:48 AM - Software Distribution Service 3.0
    RP392: 8/6/2010 10:27:23 AM - Software Distribution Service 3.0
    RP393: 8/8/2010 1:37:59 AM - Software Distribution Service 3.0
    RP394: 8/8/2010 10:17:33 AM - Software Distribution Service 3.0
    RP395: 8/9/2010 10:16:54 AM - Software Distribution Service 3.0
    RP396: 8/10/2010 11:33:00 AM - Software Distribution Service 3.0
    RP397: 8/11/2010 12:23:57 PM - Software Distribution Service 3.0
    RP398: 8/12/2010 3:00:36 AM - Software Distribution Service 3.0
    RP399: 8/12/2010 10:52:57 PM - Software Distribution Service 3.0
    RP400: 8/14/2010 2:39:19 AM - System Checkpoint
    RP401: 8/14/2010 3:39:29 AM - Software Distribution Service 3.0
    RP402: 8/15/2010 1:52:45 AM - Software Distribution Service 3.0
    RP403: 8/16/2010 3:38:26 AM - Software Distribution Service 3.0
    RP404: 8/17/2010 9:56:39 AM - Software Distribution Service 3.0
    RP405: 8/18/2010 3:37:47 AM - Software Distribution Service 3.0
    RP406: 8/19/2010 4:40:59 AM - Software Distribution Service 3.0
    RP407: 8/20/2010 3:37:55 AM - Software Distribution Service 3.0
    RP408: 8/21/2010 10:43:15 AM - Software Distribution Service 3.0
    RP409: 8/22/2010 2:07:37 AM - Software Distribution Service 3.0
    RP410: 8/23/2010 2:33:39 AM - System Checkpoint
    RP411: 8/24/2010 6:09:26 PM - System Checkpoint
    RP412: 8/29/2010 11:01:12 AM - System Checkpoint
    RP413: 8/30/2010 6:48:40 PM - System Checkpoint
    RP414: 9/3/2010 3:03:59 PM - System Checkpoint
    RP415: 9/5/2010 4:17:57 AM - System Checkpoint
    RP416: 9/8/2010 4:58:04 PM - System Checkpoint
    RP417: 9/10/2010 9:30:24 AM - System Checkpoint
    RP418: 9/12/2010 11:34:48 PM - ComboFix created restore point
    RP419: 9/17/2010 10:29:48 AM - System Checkpoint
    RP420: 9/20/2010 5:02:06 PM - System Checkpoint
    RP421: 9/23/2010 8:17:40 AM - System Checkpoint
    RP422: 9/25/2010 12:43:45 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Acer 3G Connection Manager
    Acer Crystal Eye webcam
    Acer ScreenSaver
    Acrobat.com
    Actual Keylogger 2.3
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BlackBerry Desktop Software 5.0.1
    Bonjour
    Carbonite Online Backup Setup
    Choice Guard
    CrossLoop 2.71
    eSobi v2
    Free YouTube to MP3 Converter version 3.2
    Google Chrome
    Google Desktop
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    InterVideo Register Manager
    InterVideo WinDVD
    iTunes
    Java(TM) 6 Update 16
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Qualcomm Gobi Driver Package
    Qualcomm Gobi Images
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Spelling Dictionaries Support For Adobe Reader 9
    Synaptics Pointing Device Driver
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11

    ==== Event Viewer Messages From Past Week ========

    9/24/2010 12:27:42 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.399.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/24/2010 12:27:42 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.399.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/23/2010 10:44:34 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: rootkit:Alureon->Compbatt Action: Quarantine Error Code: 0x80070032 Error description: The request is not supported. Status: To finish removing spyware and other potentially unwanted software, restart the computer. To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website. Signature Version: AV: 1.91.399.0, AS: 1.91.399.0 Engine Version: 1.1.6201.0
    9/23/2010 10:44:34 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: rootkit:Alureon->Compbatt Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website. Signature Version: AV: 1.91.399.0, AS: 1.91.399.0 Engine Version: 1.1.6201.0
    9/22/2010 8:56:11 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/22/2010 8:56:07 AM, error: Service Control Manager [7034] - The CrossLoop Service service terminated unexpectedly. It has done this 1 time(s).
    9/22/2010 8:56:01 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
    9/22/2010 8:55:56 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    9/22/2010 8:55:38 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    9/22/2010 8:55:38 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    9/22/2010 8:52:39 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.141.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/22/2010 6:31:01 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/21/2010 2:14:43 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.141.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/21/2010 2:14:43 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.141.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/21/2010 2:08:46 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
    9/21/2010 2:04:33 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:04:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:04:25 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:04:25 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:03:59 AM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:03:54 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    9/21/2010 2:03:53 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    9/20/2010 3:44:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    9/20/2010 12:16:50 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: rootkit:Alureon->Compbatt Action: Quarantine Error Code: 0x80070032 Error description: The request is not supported. Status: To finish removing spyware and other potentially unwanted software, restart the computer. To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website. Signature Version: AV: 1.91.141.0, AS: 1.91.141.0 Engine Version: 1.1.6201.0
    9/20/2010 12:16:49 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Alureon.H&threatid=2147632576 User: ACER-E817FAE0D8\Sampson Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category: Virus Path: rootkit:Alureon->Compbatt Action: Clean Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Status: To finish removing spyware and other potentially unwanted software, restart the computer. To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website. Signature Version: AV: 1.91.141.0, AS: 1.91.141.0 Engine Version: 1.1.6201.0
    9/20/2010 11:11:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic Updates service to connect.
    9/20/2010 11:11:28 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/20/2010 11:11:28 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================
     


  4. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4692

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/25/2010 12:51:03 PM
    mbam-log-2010-09-25 (12-51-03).txt

    Scan type: Quick scan
    Objects scanned: 149112
    Time elapsed: 11 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Sampson\My Documents\downloads\actualspy.exe (Application.ActualSpy) -> Quarantined and deleted successfully.
     
  6. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  7. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-25 22:41:11
    Windows 5.1.2600 Service Pack 3
    Running: x0he7ik5.exe; Driver: C:\DOCUME~1\Sampson\LOCALS~1\Temp\fglorpob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? gipcaqvs.sys The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\drivers\compbatt.sys entry point in ".rsrc" section [0xF7ABD214]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
    .text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
    .text C:\WINDOWS\System32\svchost.exe[1092] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
    .text C:\WINDOWS\system32\wuauclt.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\system32\wuauclt.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\system32\wuauclt.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
    .text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\PSAPI.DLL [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe[3008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [00DF40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe[3008] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [00DF40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe[3008] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [00DF40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe[3008] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [00DF40D0] C:\Program Files\AKProg\hprog.dll
    IAT C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe[3008] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [00DF40D0] C:\Program Files\AKProg\hprog.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 862D9EC5

    ---- Processes - GMER 1.0.15 ----

    Process C:\Program Files\AKProg\AKProg.exe (*** hidden *** ) 2036

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt 181 bytes
    File C:\Documents and Settings\NetworkService\Cookies\system@bluekai[1].txt 534 bytes
    File C:\Documents and Settings\NetworkService\Cookies\system@adap[2].txt 880 bytes
    File C:\Documents and Settings\NetworkService\Cookies\system@scanscout[1].txt 458 bytes
    File C:\Documents and Settings\NetworkService\Cookies\system@securestudies[1].txt 176 bytes
    File C:\WINDOWS\system32\drivers\compbatt.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
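The GMER output above is where the actual rootkit evidence sits: a process marked hidden, every module of Explorer importing ntdll!NtQuerySystemInformation through a DLL outside the Windows directory (that call is what process listers use to enumerate processes, so redirecting it is the usual way a user-mode component keeps a process out of Task Manager), a kernel driver whose entry point lands in its .rsrc section, a loaded kernel module with no visible file on disk, and two drivers flagged as modified. Those lines are easy to lose among the benign entries, so here is a small triage script that pulls them out. It is an added example, not GMER's code and not part of the thread; it assumes the system root is C:\WINDOWS as in the posted log, and its sample input is a constructed, trimmed subset of that log with one benign cookie line left in as noise.

```python
"""Triage a GMER 1.0.15 rootkit-scan log: pull the indicator lines (hidden
processes, IAT redirects, inline hooks, forged drivers) out of the benign
noise. Added example, not GMER's own code."""
import re
from collections import defaultdict

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: the scanned host's system root

# Constructed sample in GMER's text format: a trimmed subset of the log posted
# above, with its paths and addresses, plus one benign cookie line as noise.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
? gipcaqvs.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\compbatt.sys entry point in ".rsrc" section [0xF7ABD214]

---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [01CE40D0] C:\Program Files\AKProg\hprog.dll

---- Processes - GMER 1.0.15 ----
Process C:\Program Files\AKProg\AKProg.exe (*** hidden *** ) 2036

---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt 181 bytes
File C:\WINDOWS\system32\drivers\compbatt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# One regex per indicator line type GMER emits (benign lines match none).
PATTERNS = {
    "missing_driver_files": re.compile(r"^\? (\S+) The system cannot find the file specified"),
    "rsrc_entry_points": re.compile(r'^\.rsrc (.+?) entry point in "\.rsrc" section \[(0x[0-9A-Fa-f]+)\]'),
    "inline_hooks": re.compile(r"^\.text (.+?)\[(\d+)\] (\S+)!(\S+) ([0-9A-Fa-f]+) (\d+) Bytes JMP ([0-9A-Fa-f]+)"),
    "iat_entries": re.compile(r"^IAT (.+?)\[(\d+)\] @ (\S+) \[(\S+)!(\S+)\] \[([0-9A-Fa-f]+)\] (.+)$"),
    "hidden_processes": re.compile(r"^Process (.+?) \(\*\*\* hidden \*\*\* \) (\d+)$"),
    "modified_files": re.compile(r"^File (.+?) suspicious modification$"),
}


def under_system_root(path):
    """True if path lives under SYSTEM_ROOT (case-insensitive, as NTFS is)."""
    return path.lower().startswith(SYSTEM_ROOT.lower() + "\\")


def triage_gmer_log(text):
    """Return a dict of indicator category -> list of parsed entries."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the log; GMER itself does not
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            if key == "inline_hooks":
                proc, pid, mod, func, _addr, _n, target = m.groups()
                findings[key].append({"process": proc, "pid": int(pid),
                                      "function": f"{mod}!{func}", "jmp_to": target})
            elif key == "iat_entries":
                proc, pid, importer, mod, func, _addr, target_dll = m.groups()
                entry = {"process": proc, "pid": int(pid), "importer": importer,
                         "function": f"{mod}!{func}", "target_dll": target_dll}
                findings[key].append(entry)
                # An import redirected into a DLL outside the system root is the
                # classic user-mode hiding hook, so it gets its own bucket.
                if not under_system_root(target_dll):
                    findings["iat_redirects_outside_windows"].append(entry)
            elif key == "hidden_processes":
                findings[key].append((m.group(1), int(m.group(2))))
            elif key == "rsrc_entry_points":
                findings[key].append(m.groups())
            else:
                findings[key].append(m.group(1))
            break
    return dict(findings)


def summarize(findings):
    """Flatten findings into one analyst-readable line per indicator."""
    out = []
    for path, pid in findings.get("hidden_processes", []):
        out.append(f"HIDDEN PROCESS pid {pid}: {path}")
    for e in findings.get("iat_redirects_outside_windows", []):
        out.append(f"IAT REDIRECT {e['function']} in {e['process']} -> {e['target_dll']}")
    for path in findings.get("modified_files", []):
        out.append(f"MODIFIED DRIVER: {path}")
    for path, addr in findings.get("rsrc_entry_points", []):
        out.append(f"ENTRY POINT IN .rsrc at {addr}: {path}")
    for name in findings.get("missing_driver_files", []):
        out.append(f"LOADED MODULE WITHOUT VISIBLE FILE: {name}")
    for e in findings.get("inline_hooks", []):
        out.append(f"INLINE HOOK {e['function']} in {e['process']}[{e['pid']}] -> {e['jmp_to']}")
    return out


if __name__ == "__main__":
    for line in summarize(triage_gmer_log(SAMPLE_LOG)):
        print(line)
```

Run it against a saved gmer.log by passing the file's contents to triage_gmer_log; the summary orders the categories by how rarely they have a benign explanation, with hidden processes and out-of-system-root IAT redirects first and inline ntdll hooks last, since some legitimate security products also place those.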
     
  8. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000004

    Kernel Drivers (total 108):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
    0xF7658000 ACPI.sys
    0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7647000 pci.sys
    0xF76A7000 isapnp.sys
    0xF7ABB000 compbatt.sys
    0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7C6F000 pciide.sys
    0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF76B7000 MountMgr.sys
    0xF7628000 ftdisk.sys
    0xF7AC3000 ACPIEC.sys
    0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF792F000 PartMgr.sys
    0xF76C7000 VolSnap.sys
    0xF7610000 atapi.sys
    0xF76D7000 disk.sys
    0xF76E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF75F0000 fltMgr.sys
    0xF75DE000 sr.sys
    0xF75C7000 KSecDD.sys
    0xF753A000 Ntfs.sys
    0xF750D000 NDIS.sys
    0xF74F3000 Mup.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7B93000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF5DCC000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF5DB8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5D90000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5D73000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF5C31000 \SystemRoot\system32\DRIVERS\athw.sys
    0xF7A4F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5C0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A57000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7A5F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF7A67000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5BD6000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7BD1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A6F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B9B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7CA1000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7BD3000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7A77000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5BBF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A7F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5A9B000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF795F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF796F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7977000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF63D2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7BF7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF4FAA000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF4DAD000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B3F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF6382000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7917000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xA6760000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA673C000 \SystemRoot\system32\drivers\portcls.sys
    0xF7707000 \SystemRoot\system32\drivers\drmk.sys
    0xA43DC000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xA2E3D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0xF4E4B000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xA3C98000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0xF7BDF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA64C2000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BE1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA3C88000 \SystemRoot\System32\drivers\vga.sys
    0xF7BE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BE5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA3C80000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA3C78000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA3D57000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA2E0A000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA2DB1000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA2D89000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA2D63000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA2D41000 \SystemRoot\System32\drivers\afd.sys
    0xF4E3B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA2D16000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA2CA6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF4E1B000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF4E0B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA3901000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA38AB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CD4000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA4298000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA2B39000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA2AFC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA3762000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA270D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA235C000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 34):
    0 System Idle Process
    4 System
    620 C:\WINDOWS\system32\smss.exe
    692 csrss.exe
    716 C:\WINDOWS\system32\winlogon.exe
    764 C:\WINDOWS\system32\services.exe
    776 C:\WINDOWS\system32\lsass.exe
    944 C:\WINDOWS\system32\svchost.exe
    996 svchost.exe
    1056 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1264 svchost.exe
    1380 svchost.exe
    1596 C:\WINDOWS\explorer.exe
    1652 C:\WINDOWS\system32\spoolsv.exe
    1772 svchost.exe
    1836 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1956 C:\Program Files\AKProg\AKProg.exe
    1964 C:\Program Files\Microsoft Security Essentials\msseces.exe
    1972 C:\WINDOWS\system32\ctfmon.exe
    1992 C:\Program Files\Bonjour\mDNSResponder.exe
    156 C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
    536 C:\Program Files\Google\Update\GoogleUpdate.exe
    556 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    372 C:\Program Files\Java\jre6\bin\jqs.exe
    1472 C:\QUALCOMM\QDLService\QDLService.exe
    1900 C:\WINDOWS\system32\svchost.exe
    2044 C:\WINDOWS\system32\svchost.exe
    576 C:\WINDOWS\system32\wuauclt.exe
    2564 alg.exe
    3364 C:\WINDOWS\system32\svchost.exe
    3828 C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    400 C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1876 C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3328 C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`768ff800 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS543216L9A300, Rev: FB2OC40C

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  9. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    2010/09/25 22:54:05.0251 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/25 22:54:05.0251 ================================================================================
    2010/09/25 22:54:05.0251 SystemInfo:
    2010/09/25 22:54:05.0251
    2010/09/25 22:54:05.0251 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/25 22:54:05.0251 Product type: Workstation
    2010/09/25 22:54:05.0251 ComputerName: ACER-E817FAE0D8
    2010/09/25 22:54:05.0251 UserName: Sampson
    2010/09/25 22:54:05.0251 Windows directory: C:\WINDOWS
    2010/09/25 22:54:05.0251 System windows directory: C:\WINDOWS
    2010/09/25 22:54:05.0251 Processor architecture: Intel x86
    2010/09/25 22:54:05.0251 Number of processors: 2
    2010/09/25 22:54:05.0251 Page size: 0x1000
    2010/09/25 22:54:05.0251 Boot type: Normal boot
    2010/09/25 22:54:05.0251 ================================================================================
    2010/09/25 22:54:05.0688 Initialize success
    2010/09/25 22:54:08.0564 ================================================================================
    2010/09/25 22:54:08.0564 Scan started
    2010/09/25 22:54:08.0564 Mode: Manual;
    2010/09/25 22:54:08.0564 ================================================================================
    2010/09/25 22:54:10.0127 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/09/25 22:54:10.0330 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/09/25 22:54:11.0033 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/09/25 22:54:11.0283 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/09/25 22:54:12.0674 AR5416 (241843b24fec6b71507508eac35689e5) C:\WINDOWS\system32\DRIVERS\athw.sys
    2010/09/25 22:54:13.0502 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/09/25 22:54:13.0721 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/09/25 22:54:14.0127 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/09/25 22:54:14.0346 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/09/25 22:54:14.0565 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/09/25 22:54:14.0971 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/09/25 22:54:15.0190 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/09/25 22:54:15.0549 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/09/25 22:54:15.0768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/09/25 22:54:15.0971 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\drivers\Cdrom.sys
    2010/09/25 22:54:16.0440 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/09/25 22:54:16.0862 Compbatt (020dd8cbdfa389b98dcb7600981cc930) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/09/25 22:54:16.0862 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 020dd8cbdfa389b98dcb7600981cc930, Fake md5: 72d810e908c31db97557f580973c8a51
    2010/09/25 22:54:16.0877 Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/09/25 22:54:17.0768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/09/25 22:54:17.0987 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    2010/09/25 22:54:18.0221 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/09/25 22:54:18.0456 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/09/25 22:54:18.0706 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/09/25 22:54:18.0909 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/09/25 22:54:19.0315 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/09/25 22:54:19.0581 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/09/25 22:54:19.0831 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/09/25 22:54:20.0034 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/09/25 22:54:20.0206 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/09/25 22:54:20.0425 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/09/25 22:54:20.0737 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/09/25 22:54:20.0972 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/09/25 22:54:21.0191 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/09/25 22:54:21.0409 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/09/25 22:54:21.0644 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/09/25 22:54:21.0894 hitmanpro35 (9a035acdb3202e3894252c4c4e0874c8) C:\WINDOWS\system32\drivers\hitmanpro35.sys
    2010/09/25 22:54:22.0316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/09/25 22:54:22.0925 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/09/25 22:54:23.0331 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/09/25 22:54:23.0800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
    2010/09/25 22:54:24.0082 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
    2010/09/25 22:54:24.0472 IntcAzAudAddService (81b7003bf13ff3ac95d7b2d4c2e8f787) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/09/25 22:54:25.0066 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/09/25 22:54:25.0269 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/09/25 22:54:25.0472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/09/25 22:54:25.0691 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/09/25 22:54:25.0910 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/09/25 22:54:26.0160 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/09/25 22:54:26.0348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/09/25 22:54:26.0566 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/09/25 22:54:26.0832 JMCR (da971cfc625d13636e04c405948e9d62) C:\WINDOWS\system32\DRIVERS\jmcr.sys
    2010/09/25 22:54:27.0066 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/09/25 22:54:27.0254 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/09/25 22:54:27.0488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/09/25 22:54:27.0957 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/09/25 22:54:28.0176 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/09/25 22:54:28.0410 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/09/25 22:54:28.0582 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/09/25 22:54:28.0817 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2010/09/25 22:54:29.0192 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/09/25 22:54:29.0442 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/09/25 22:54:29.0661 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/09/25 22:54:29.0895 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/09/25 22:54:30.0129 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/09/25 22:54:30.0332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/09/25 22:54:30.0567 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/09/25 22:54:30.0754 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/09/25 22:54:30.0926 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/09/25 22:54:31.0129 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/09/25 22:54:31.0364 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/09/25 22:54:31.0692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/09/25 22:54:31.0848 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/09/25 22:54:32.0051 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/09/25 22:54:32.0255 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/09/25 22:54:32.0489 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/09/25 22:54:32.0708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/09/25 22:54:32.0927 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/09/25 22:54:33.0239 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/09/25 22:54:33.0442 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/09/25 22:54:33.0614 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/09/25 22:54:33.0770 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/09/25 22:54:33.0989 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/09/25 22:54:34.0224 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/09/25 22:54:34.0411 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/09/25 22:54:34.0599 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/09/25 22:54:34.0817 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/09/25 22:54:35.0224 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/09/25 22:54:35.0443 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/09/25 22:54:36.0880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/09/25 22:54:37.0068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/09/25 22:54:37.0255 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/09/25 22:54:37.0458 QCFilterGAD (70ac19d9d1900835e27eab20f294ddea) C:\WINDOWS\system32\DRIVERS\qcfilterGAD.sys
    2010/09/25 22:54:37.0677 qcusbnetGAD (e325a56ae0de875eb7bf0acbbcce5369) C:\WINDOWS\system32\DRIVERS\qcusbnetGAD.sys
    2010/09/25 22:54:37.0927 qcusbserGAD (a00556c0648446abaa5e364f0489c403) C:\WINDOWS\system32\DRIVERS\qcusbserGAD.sys
    2010/09/25 22:54:39.0068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/09/25 22:54:39.0287 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/09/25 22:54:39.0537 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/09/25 22:54:39.0724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/09/25 22:54:39.0959 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/09/25 22:54:40.0178 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/09/25 22:54:40.0412 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/09/25 22:54:40.0693 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2010/09/25 22:54:40.0943 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/09/25 22:54:41.0146 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/09/25 22:54:41.0381 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2010/09/25 22:54:41.0631 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/09/25 22:54:41.0881 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/09/25 22:54:42.0475 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/09/25 22:54:43.0256 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/09/25 22:54:43.0522 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
    2010/09/25 22:54:43.0944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/09/25 22:54:44.0194 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/09/25 22:54:44.0428 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/09/25 22:54:44.0709 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/09/25 22:54:44.0881 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/09/25 22:54:45.0085 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/09/25 22:54:46.0085 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/09/25 22:54:46.0319 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/09/25 22:54:46.0585 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/09/25 22:54:46.0788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/09/25 22:54:47.0022 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/09/25 22:54:47.0241 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/09/25 22:54:47.0726 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/09/25 22:54:48.0179 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/09/25 22:54:49.0116 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/09/25 22:54:49.0679 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/09/25 22:54:50.0679 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/09/25 22:54:51.0351 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/25 22:54:52.0164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/09/25 22:54:52.0804 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/09/25 22:54:53.0273 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/25 22:54:53.0492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/09/25 22:54:54.0148 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/25 22:54:54.0633 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/25 22:54:54.0914 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/25 22:54:55.0586 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/25 22:54:56.0258 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/09/25 22:54:56.0696 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/09/25 22:54:57.0055 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/09/25 22:54:57.0305 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/09/25 22:54:57.0539 ================================================================================
    2010/09/25 22:54:57.0539 Scan finished
    2010/09/25 22:54:57.0539 ================================================================================
    2010/09/25 22:54:57.0586 Detected object count: 1
    2010/09/25 22:55:28.0044 Compbatt (020dd8cbdfa389b98dcb7600981cc930) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/09/25 22:55:28.0044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 020dd8cbdfa389b98dcb7600981cc930, Fake md5: 72d810e908c31db97557f580973c8a51
    2010/09/25 22:55:42.0921 Backup copy found, using it..
    2010/09/25 22:55:42.0999 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
    2010/09/25 22:55:42.0999 Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
    2010/09/25 22:55:47.0234 Deinitialize success
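
As an added example (not code from this thread and not part of TDSSKiller), the script below triages a TDSSKiller log of the shape posted above: it pairs each "Suspicious file (Forged)" line with the driver's ordinary scan line, the "- detected" line that names the threat, and the "User select action" line that records the cure, and produces one summary line per forged driver. The four line formats are inferred from the lines visible in this log (other TDSSKiller versions may print differently, which is an assumption), and the sample input is copied verbatim from the log above rather than invented.

```python
"""Triage a Kaspersky TDSSKiller log for forged (rootkit-patched) drivers.

Added example; it is not part of the forum thread and not TDSSKiller's own
code. It parses the plain-text log shape shown in the thread: one line per
scanned driver ("name (md5) path"), a "Suspicious file (Forged)" line that
carries the two hashes TDSSKiller obtained for the same file, a "- detected"
line naming the threat, and a "User select action" line for the cure.
Line formats are inferred from the posted log (assumption: other versions
of the tool may differ).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TS = r'(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})'
SCAN_RE = re.compile(TS + r' (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
FORGED_RE = re.compile(TS + r' Suspicious file \(Forged\): (?P<path>.+?)\. '
                       r'Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$')
DETECT_RE = re.compile(TS + r' (?P<name>\S+) - detected (?P<threat>\S+)')
ACTION_RE = re.compile(TS + r' (?P<threat>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$')


@dataclass
class Finding:
    name: str            # driver/service name as TDSSKiller lists it
    path: str
    listed_md5: str      # hash printed on the ordinary per-driver scan line
    real_md5: str        # the two hashes from the "Forged" line; their
    fake_md5: str        # disagreement is the detection signal
    threat: Optional[str] = None
    action: Optional[str] = None

    @property
    def listed_matches_real(self) -> bool:
        """True when a single ordinary hash of the file would not have stood out."""
        return self.listed_md5 == self.real_md5


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Return forged-driver findings keyed by lower-cased driver path."""
    scanned: Dict[str, Tuple[str, str]] = {}   # path.lower() -> (name, md5)
    findings: Dict[str, Finding] = {}

    def by_name(name: str) -> Optional[Finding]:
        return next((f for f in findings.values() if f.name.lower() == name.lower()), None)

    for raw in text.splitlines():
        line = raw.strip()
        if m := SCAN_RE.match(line):
            scanned[m['path'].lower()] = (m['name'], m['md5'])
        elif m := FORGED_RE.match(line):
            key = m['path'].lower()
            if key in findings:          # the cure phase repeats the line; keep one record
                continue
            name, listed = scanned.get(key, ('?', ''))
            findings[key] = Finding(name, m['path'], listed, m['real'], m['fake'])
        elif m := DETECT_RE.match(line):
            if f := by_name(m['name']):
                f.threat = m['threat']
        elif m := ACTION_RE.match(line):
            if f := by_name(m['name']):
                f.action = m['action']
    return findings


def report(findings: Dict[str, Finding]) -> List[str]:
    """One human-readable line per forged driver, for a ticket or a forum reply."""
    out = []
    for f in findings.values():
        out.append(f"{f.name}: {f.path} forged "
                   f"(real {f.real_md5[:8]}.., fake {f.fake_md5[:8]}..) "
                   f"threat={f.threat or 'unnamed'} action={f.action or 'none recorded'}")
    return out


# Sample input: lines copied from the TDSSKiller log posted above, nothing invented.
SAMPLE_LOG = r"""
2010/09/25 22:54:16.0440 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/25 22:54:16.0862 Compbatt (020dd8cbdfa389b98dcb7600981cc930) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/25 22:54:16.0862 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 020dd8cbdfa389b98dcb7600981cc930, Fake md5: 72d810e908c31db97557f580973c8a51
2010/09/25 22:54:16.0877 Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/25 22:54:17.0768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/25 22:54:57.0586 Detected object count: 1
2010/09/25 22:55:28.0044 Compbatt (020dd8cbdfa389b98dcb7600981cc930) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/25 22:55:28.0044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 020dd8cbdfa389b98dcb7600981cc930, Fake md5: 72d810e908c31db97557f580973c8a51
2010/09/25 22:55:42.0999 C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
2010/09/25 22:55:42.0999 Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
"""

if __name__ == '__main__':
    for line in report(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

Worth noticing in this log: the hash on Compbatt's ordinary scan line is identical to the "Real md5" on the Forged line, so a checker that hashed the file once and compared it with a baseline would have seen nothing unusual; the evidence is that TDSSKiller's two reads of the same file disagree. The `listed_matches_real` flag on each finding surfaces exactly that.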
     
  11. 2010/09/25
    broni (Moderator, Malware Analyst)

    Good :)

    How is redirection?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/09/25
    wealthymike (Thread Starter)
    ComboFix 10-09-25.06 - Sampson 09/25/2010 23:15:19.10.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.620 [GMT -4:00]
    Running from: c:\documents and settings\Sampson\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
    .

    2010-09-17 17:26 . 2010-09-17 17:26 -------- d-sh--w- c:\program files\AKProg
    2010-09-16 07:23 . 2010-09-17 03:36 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-09-06 03:22 . 2010-09-06 03:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-26 02:56 . 2008-04-14 00:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
    2010-09-25 16:38 . 2010-01-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 21:46 . 2009-08-02 07:15 -------- d-----w- c:\documents and settings\Sampson\Application Data\uTorrent
    2010-09-16 07:06 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-09-14 22:28 . 2010-05-29 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-05 07:53 . 2010-04-08 17:30 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-22 15:21 . 2010-08-22 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-08-17 13:17 . 2008-04-14 20:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-28 03:42 . 2010-07-28 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-22 15:49 . 2008-04-14 20:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-07-25 16:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-07 08:46 . 2010-07-07 08:46 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
    2010-06-30 12:31 . 2008-04-14 20:00 149504 ----a-w- c:\windows\system32\schannel.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-08-23_17.12.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-26 02:56 . 2010-09-26 02:56 16384 c:\windows\temp\Perflib_Perfdata_79c.dat
    - 2010-07-16 02:48 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
    + 2010-07-16 02:48 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    - 2009-01-20 20:20 . 2010-08-23 17:03 72134 c:\windows\system32\perfc009.dat
    + 2009-01-20 20:20 . 2010-09-01 12:49 72134 c:\windows\system32\perfc009.dat
    + 2010-04-08 12:17 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    - 2010-04-08 12:17 . 2010-03-30 04:46 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    + 2010-04-08 12:16 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
    + 2008-04-14 20:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-06-04 07:02 . 2010-09-13 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-04 07:02 . 2010-06-04 07:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2008-04-14 20:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 293376 c:\windows\system32\winsrv.dll
    + 2008-04-14 20:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 406016 c:\windows\system32\usp10.dll
    + 2009-01-20 20:20 . 2010-09-01 12:49 443034 c:\windows\system32\perfh009.dat
    - 2009-01-20 20:20 . 2010-08-23 17:03 443034 c:\windows\system32\perfh009.dat
    + 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
    - 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2008-04-11 19:04 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2008-04-14 20:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 406016 c:\windows\system32\dllcache\usp10.dll
    + 2008-04-14 20:00 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    + 2008-04-14 20:00 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2008-04-11 19:04 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-09-13 01:52 . 2009-08-04 09:55 143232 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    + 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\29ce378.msp
    + 2010-09-13 12:37 . 2010-09-13 12:37 331264 c:\windows\Installer\1b3777e.msi
    - 2009-01-20 19:19 . 2010-08-12 07:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-07-28 07:35 . 2010-09-16 07:01 35552200 c:\windows\system32\MRT.exe
    + 2010-09-13 07:00 . 2010-09-13 07:00 20303872 c:\windows\Installer\7f19e0.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "application"="c:\program files\AKProg\AKProg.exe" [2005-07-09 522752]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 20:00 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-09-04 05:46 425984 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-09-03 07:56 6300480 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-28 22:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-28 22:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910

    R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 4:55 AM 135664]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/8/2010 1:30 PM 16968]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/8/2008 1:16 PM 96856]
    S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
    S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
    S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
    S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 15:43]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3340)
    c:\windows\system32\WININET.dll
    c:\program files\AKProg\hprog.dll
    c:\program files\AKProg\hkdll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-09-25 23:23:19
    ComboFix-quarantined-files.txt 2010-09-26 03:23
    ComboFix2.txt 2010-08-24 04:30
    ComboFix3.txt 2010-08-23 17:17
    ComboFix4.txt 2010-08-07 14:28

    Pre-Run: 123,855,822,848 bytes free
    Post-Run: 124,307,845,120 bytes free

    - - End Of File - - F6D71A877ACAF3309855DDBD586A9759
     
  13. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't say how the redirection is....
     
  14. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\ALCMTR.EXE
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=-
     "FirewallOverride"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "DisableNotifications"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
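    The registry values the CFScript above deletes are the ones that silence Windows' own warnings: with AntiVirusOverride or FirewallOverride set to 1, Security Center stops alerting that antivirus or the firewall is off or out of date, and DisableNotifications=1 stops Windows Firewall from prompting when something listens on the network. Malware sets these to stay quiet, but some legitimate security suites set them too, so a reviewer should flag them for a decision rather than delete them blindly. The following Python script is an added example, not ComboFix's code or anything posted in this thread: it parses a log excerpt in the layout shown above (SAMPLE_LOG is constructed from that layout, with the stray spaces the forum inserted before the closing quotes removed), reports the overrides, globally open firewall ports and services that run out of a user profile, and then emits the Registry:: stanza in the CFScript syntax used in this thread. The function names and the severity labels are mine.

```python
# Added example: triage of a ComboFix log excerpt for settings that hide
# security state. Not ComboFix's own code; the regexes match the log layout
# shown in this thread, and SAMPLE_LOG is a constructed excerpt in that layout.
import re

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# R2/S3-style service lines: start;name;display name;path [date size]
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[")

# Constructed excerpt in the same format as the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910

R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]
"""


def parse_log(text):
    """Return ({registry_key: {value_name: raw_data}}, [service dicts])."""
    sections, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends a registry block
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group("key")
            sections.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            sections[current][m.group("name")] = m.group("data").strip()
        elif (m := SERVICE_RE.match(line)):
            services.append(m.groupdict())
    return sections, services


def as_int(data):
    """Decode the two spellings ComboFix uses: 'dword:00000001' and '1 (0x1)'."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"\d+", data)
    return int(m.group()) if m else None


def override_values(sections):
    """Yield (key, [names]) for the Security Center / firewall values that suppress warnings."""
    for key, values in sections.items():
        k = key.lower()
        if k.endswith(r"microsoft\security center"):
            names = [n for n in ("AntiVirusOverride", "FirewallOverride")
                     if as_int(values.get(n, "0")) == 1]
        elif k.endswith(r"firewallpolicy\standardprofile"):
            names = ["DisableNotifications"] if as_int(values.get("DisableNotifications", "0")) == 1 else []
        else:
            continue
        if names:
            yield key, names


def triage(text):
    """Return (severity, message) findings a reviewer of this log would want to see."""
    sections, services = parse_log(text)
    findings = []
    for key, names in override_values(sections):
        for n in names:
            sev = "medium" if n == "DisableNotifications" else "high"
            findings.append((sev, f"{n}=1 under {key}: the user is not warned about this state"))
    for key, values in sections.items():
        if key.lower().endswith(r"globallyopenports\list"):
            findings.extend(("medium", f"firewall port open to all senders: {n}") for n in values)
    for svc in services:
        p = svc["path"].lower()
        if "\\documents and settings\\" in p or "\\users\\" in p:
            findings.append(("low", f"service {svc['name']} runs from a user profile path: {svc['path']}"))
    return findings


def cfscript_registry_fix(text):
    """Emit the Registry:: stanza, in the CFScript form used above, that deletes the overrides."""
    sections, _ = parse_log(text)
    lines = []
    for key, names in override_values(sections):
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "Registry::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
    print(cfscript_registry_fix(SAMPLE_LOG))
```

    Running it against SAMPLE_LOG produces two high findings (the Security Center overrides), two medium ones (firewall notifications off, TCP 5910 open to everyone) and two low ones (the CrossLoop services running from under Documents and Settings), and the generated stanza matches the Registry:: part of the CFScript posted above. The File:: and Alcmtr entries in that script are a separate judgement the helper made from the DDS logs and are not something this check can derive.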
     
  15. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    Google Redirection seems to be good now thank you!
     
  16. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
     
  17. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    ComboFix 10-09-25.06 - Sampson 09/25/2010 23:46:20.11.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.513 [GMT -4:00]
    Running from: c:\documents and settings\Sampson\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Sampson\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    FILE ::
    "c:\windows\ALCMTR.EXE"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ALCMTR.EXE

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
    .

    2010-09-17 17:26 . 2010-09-17 17:26 -------- d-sh--w- c:\program files\AKProg
    2010-09-16 07:23 . 2010-09-17 03:36 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-09-06 03:22 . 2010-09-06 03:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
    2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\Sampson\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-26 02:56 . 2008-04-14 00:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
    2010-09-25 16:38 . 2010-01-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 21:46 . 2009-08-02 07:15 -------- d-----w- c:\documents and settings\Sampson\Application Data\uTorrent
    2010-09-16 07:06 . 2009-01-20 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-09-14 22:28 . 2010-05-29 06:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-05 07:53 . 2010-04-08 17:30 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-22 15:21 . 2010-08-22 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-08-17 13:17 . 2008-04-14 20:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49 . 2008-04-14 20:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-07-25 16:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-07 08:46 . 2010-07-07 08:46 68256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe
    2010-06-30 12:31 . 2008-04-14 20:00 149504 ----a-w- c:\windows\system32\schannel.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-08-23_17.12.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-26 02:56 . 2010-09-26 02:56 16384 c:\windows\temp\Perflib_Perfdata_79c.dat
    - 2010-07-16 02:48 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
    + 2010-07-16 02:48 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    - 2009-01-20 20:20 . 2010-08-23 17:03 72134 c:\windows\system32\perfc009.dat
    + 2009-01-20 20:20 . 2010-09-01 12:49 72134 c:\windows\system32\perfc009.dat
    + 2010-04-08 12:17 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    - 2010-04-08 12:17 . 2010-03-30 04:46 38224 c:\windows\system32\drivers\mbamswissarmy.sys
    + 2010-04-08 12:16 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
    + 2008-04-14 20:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-06-04 07:02 . 2010-09-13 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-04 07:02 . 2010-06-04 07:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2008-04-14 20:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 293376 c:\windows\system32\winsrv.dll
    + 2008-04-14 20:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 406016 c:\windows\system32\usp10.dll
    + 2009-01-20 20:20 . 2010-09-01 12:49 443034 c:\windows\system32\perfh009.dat
    - 2009-01-20 20:20 . 2010-08-23 17:03 443034 c:\windows\system32\perfh009.dat
    + 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
    - 2006-10-19 01:47 . 2006-10-19 01:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2008-04-11 19:04 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2008-04-14 20:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2008-04-14 20:00 . 2008-04-14 20:00 406016 c:\windows\system32\dllcache\usp10.dll
    + 2008-04-14 20:00 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    + 2008-04-14 20:00 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2008-04-11 19:04 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-09-13 01:52 . 2009-08-04 09:55 143232 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    + 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\29ce378.msp
    + 2010-09-13 12:37 . 2010-09-13 12:37 331264 c:\windows\Installer\1b3777e.msi
    - 2009-01-20 19:19 . 2010-08-12 07:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-01-20 19:19 . 2010-08-12 07:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-20 19:19 . 2010-09-16 07:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-07-28 07:35 . 2010-09-16 07:01 35552200 c:\windows\system32\MRT.exe
    + 2010-09-13 07:00 . 2010-09-13 07:00 20303872 c:\windows\Installer\7f19e0.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "application"="c:\program files\AKProg\AKProg.exe" [2005-07-09 522752]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 20:00 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-09-04 05:46 425984 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-09-03 07:56 6300480 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-28 22:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-28 22:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910

    R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 4:55 AM 135664]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/8/2010 1:30 PM 16968]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/8/2008 1:16 PM 96856]
    S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
    S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
    S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
    S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 15:43]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]

    2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Sampson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-25 23:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-09-25 23:53:39
    ComboFix-quarantined-files.txt 2010-09-26 03:53
    ComboFix2.txt 2010-09-26 03:23
    ComboFix3.txt 2010-08-24 04:30
    ComboFix4.txt 2010-08-23 17:17
    ComboFix5.txt 2010-09-26 03:45

    Pre-Run: 124,317,528,064 bytes free
    Post-Run: 124,308,733,952 bytes free

    - - End Of File - - 117765D413BE44E1D8B2FFCB93278DB1
     
  18. 2010/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    OTL logfile created on: 9/26/2010 12:38:06 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Sampson\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,012.00 Mb Total Physical Memory | 480.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 143.20 Gb Total Space | 115.77 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ACER-E817FAE0D8
    Current User Name: Sampson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
    PRC - [2008/04/14 16:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2005/07/08 21:55:20 | 000,522,752 | ---- | M] (Actual Spy Software) -- C:\Program Files\AKProg\AKProg.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    MOD - [2008/04/14 16:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/07/07 22:22:20 | 000,018,944 | ---- | M] () -- C:\Program Files\AKProg\hkdll.dll
    MOD - [2005/06/17 12:48:56 | 000,020,480 | ---- | M] () -- C:\Program Files\AKProg\hprog.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/02/15 20:07:02 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
    SRV - [2009/12/06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
    SRV - [2009/01/20 15:22:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
    SRV - [2008/11/10 02:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
    SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Sampson\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/05 03:53:00 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2009/01/06 22:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/11/10 02:37:34 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbnetGAD.sys -- (qcusbnetGAD)
    DRV - [2008/11/10 02:37:34 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbserGAD.sys -- (qcusbserGAD)
    DRV - [2008/11/10 02:37:34 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcfilterGAD.sys -- (QCFilterGAD)
    DRV - [2008/10/31 00:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/08/20 23:47:46 | 001,318,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2008/07/08 13:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/04/25 12:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/14 16:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 16:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/10/01 17:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2005/01/13 17:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
    DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.gmail.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 00:04:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 00:04:38 | 000,000,000 | ---D | M]

    [2009/08/01 20:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Extensions
    [2010/09/03 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions
    [2009/09/03 09:57:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/08/07 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\extensions\justintvpublisher@justin.tv
    [2010/09/03 19:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/09/25 23:51:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: application = C:\Program Files\AKProg\AKProg.exe hs (Actual Spy Software)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Sampson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sampson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/26 00:34:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    [2010/09/25 22:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Desktop\tdsskiller
    [2010/09/25 12:36:10 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sampson\Desktop\mbam-setup-1.46.exe
    [2010/09/23 10:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Desktop\report
    [2010/09/17 13:26:16 | 000,000,000 | -HSD | C] -- C:\Program Files\AKProg
    [2010/09/16 03:23:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/09/05 23:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/09/05 23:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/08/23 12:44:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/23 12:44:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/23 12:44:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/23 12:44:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/23 11:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/08/22 11:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/08/07 09:58:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/04 14:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2010/08/03 03:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/03 03:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/07/27 23:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/07/25 17:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\WebCam
    [2010/07/16 00:59:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sampson\My Documents\My Videos
    [2010/07/16 00:59:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2010/07/15 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/07/15 22:45:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/07/11 00:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sampson\Desktop\PICS
    [2007/04/02 15:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2005/11/23 10:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/26 00:37:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    [2010/09/26 00:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/25 23:53:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/25 23:51:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/25 23:51:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/25 23:12:15 | 003,854,099 | R--- | M] () -- C:\Documents and Settings\Sampson\Desktop\ComboFix.exe
    [2010/09/25 23:02:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/25 22:56:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/25 22:56:48 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
    [2010/09/25 22:56:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/25 22:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/25 22:56:34 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/25 22:56:00 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
    [2010/09/25 22:56:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
    [2010/09/25 22:55:53 | 005,365,750 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
    [2010/09/25 22:53:18 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\tdsskiller.zip
    [2010/09/25 22:46:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe
    [2010/09/25 12:52:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe
    [2010/09/25 12:36:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sampson\Desktop\mbam-setup-1.46.exe
    [2010/09/25 11:51:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\dds.scr
    [2010/09/25 08:37:53 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    [2010/09/23 10:39:06 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
    [2010/09/23 10:39:06 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/23 10:09:43 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/19 23:04:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/17 13:25:13 | 000,000,788 | -HS- | M] () -- C:\WINDOWS\System\actualspystart.lnk
    [2010/09/16 03:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/16 03:05:07 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/09/10 02:26:52 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/10 02:26:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/09/05 03:53:00 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/03 13:46:01 | 000,366,787 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\JeffSuit.png
    [2010/09/01 08:49:22 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/01 08:49:22 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/01 08:49:21 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/25 12:57:36 | 000,020,706 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\moustache3.jpg
    [2010/08/25 12:57:05 | 000,090,135 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\moustache2.jpg
    [2010/08/25 12:55:34 | 000,092,758 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\moustaches-in-movies.jpg
    [2010/08/23 12:40:31 | 000,025,144 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\combofix.htm
    [2010/08/22 14:28:27 | 000,045,502 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\slaterarrested.jpg
    [2010/08/19 05:32:44 | 000,021,376 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Mike Wills Jr Resume Motor Vehicle.docx
    [2010/08/15 19:33:10 | 000,061,622 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jetbluetournament.jpg
    [2010/08/12 03:30:07 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/10 23:50:32 | 000,033,824 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\jefftimdavis.JPG
    [2010/07/30 16:45:34 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Michael Wills Jr Resume.doc
    [2010/07/25 17:53:49 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\WebCam.lnk
    [2010/07/25 17:51:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\.lnk
    [2010/07/25 17:51:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\.lnk
    [2010/07/19 03:17:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/07/19 03:17:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/07/16 00:59:12 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/07/16 00:59:12 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Windows Media Player.lnk
    [2010/07/15 22:46:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/07/15 22:45:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/07/14 19:58:41 | 000,009,842 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\FERGUSON.jpg
    [2010/07/05 14:28:37 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/29 07:18:34 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/25 23:11:45 | 003,854,099 | R--- | C] () -- C:\Documents and Settings\Sampson\Desktop\ComboFix.exe
    [2010/09/25 22:53:17 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\tdsskiller.zip
    [2010/09/25 22:46:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe
    [2010/09/25 12:52:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe
    [2010/09/17 13:25:04 | 000,000,788 | -HS- | C] () -- C:\WINDOWS\System\actualspystart.lnk
    [2010/09/16 03:05:07 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/09/03 13:46:01 | 000,366,787 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\JeffSuit.png
    [2010/08/25 12:57:36 | 000,020,706 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\moustache3.jpg
    [2010/08/25 12:57:05 | 000,090,135 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\moustache2.jpg
    [2010/08/25 12:55:33 | 000,092,758 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\moustaches-in-movies.jpg
    [2010/08/23 12:44:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/23 12:44:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/23 12:44:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/23 12:44:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/23 12:44:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/23 12:40:30 | 000,025,144 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\combofix.htm
    [2010/08/22 14:28:27 | 000,045,502 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\slaterarrested.jpg
    [2010/08/22 10:37:05 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/19 05:32:44 | 000,021,376 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\Mike Wills Jr Resume Motor Vehicle.docx
    [2010/08/15 19:33:09 | 000,061,622 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jetbluetournament.jpg
    [2010/08/10 23:50:32 | 000,033,824 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\jefftimdavis.JPG
    [2010/08/07 09:31:56 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\dds.scr
    [2010/07/25 17:53:49 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\WebCam.lnk
    [2010/07/25 17:51:33 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\.lnk
    [2010/07/25 17:51:32 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\.lnk
    [2010/07/15 22:45:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/07/14 19:58:41 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Sampson\Desktop\FERGUSON.jpg
    [2010/07/05 14:28:37 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/29 07:25:07 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/24 16:00:56 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/16 21:42:01 | 000,005,396 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\1508699692
    [2010/04/16 21:42:01 | 000,005,396 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1508699692
    [2010/04/16 18:11:28 | 000,005,328 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\hpx1xUoQ03
    [2010/04/16 18:11:28 | 000,005,328 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hpx1xUoQ03
    [2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Fm8hV5
    [2010/04/14 06:19:30 | 000,001,164 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
    [2010/04/10 12:48:46 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
    [2010/04/10 07:47:04 | 000,016,508 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
    [2010/04/10 07:47:04 | 000,016,488 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
    [2010/04/09 12:16:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/04/09 11:44:19 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys4E5EA5B4
    [2010/04/08 13:30:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/02/17 00:42:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\SASETS.INI
    [2009/01/20 19:12:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/07/30 22:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/05/16 19:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
    [2008/04/14 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/02/15 16:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2007/10/01 17:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2007/05/09 18:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2005/03/28 18:45:26 | 000,000,141 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
    [2002/11/22 06:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2002/11/22 06:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2002/11/22 06:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2002/11/22 06:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2002/11/22 06:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

    ========== LOP Check ==========

    [2009/02/17 00:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2010/04/08 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/07/24 04:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
    [2010/03/26 21:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/01/10 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/04/09 11:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/12/25 22:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/05 16:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Blackberry Desktop
    [2009/07/30 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\eSobi
    [2009/07/27 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\InterVideo
    [2009/08/04 05:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Panda Security
    [2010/03/05 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Research In Motion
    [2010/09/20 17:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
    [2010/09/25 23:02:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/01/03 21:19:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/09/10 02:26:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/09/25 23:53:40 | 000,019,966 | ---- | M] () -- C:\ComboFix.txt
    [2009/01/20 14:11:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/09/25 22:56:34 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
    [2009/01/20 14:11:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/01/20 14:11:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 16:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/25 22:56:33 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/20 18:14:20 | 000,000,079 | RHS- | M] () -- C:\Preload.aaa
    [2009/01/20 14:39:06 | 000,001,623 | ---- | M] () -- C:\RHDSetup.log
    [2010/09/25 22:55:47 | 000,037,116 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_25.09.2010_22.54.05_log.txt
    [1999/11/11 03:17:54 | 000,000,049 | ---- | M] () -- C:\XPH.TAG

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/01/20 14:11:08 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/05 02:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/01/20 06:03:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/01/20 06:03:20 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/01/20 06:03:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/01/20 14:11:46 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/24 04:08:08 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/01/20 14:19:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/25 23:12:15 | 003,854,099 | R--- | M] () -- C:\Documents and Settings\Sampson\Desktop\ComboFix.exe
    [2010/04/16 23:21:14 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sampson\Desktop\HijackThis.exe
    [2010/09/25 12:36:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sampson\Desktop\mbam-setup-1.46.exe
    [2010/09/25 22:46:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe
    [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    [2010/09/25 12:52:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe
    [1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/24 04:08:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sampson\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/09/25 23:53:43 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Sampson\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 16:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 03:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 03:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 03:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 03:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 03:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 03:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 03:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
     
  20. 2010/09/25
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

    [2010/09/26 00:47:22 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Sampson\ntuser.dat.LOG
    [2010/09/26 00:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Desktop
    [2010/09/26 00:37:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    [2010/09/26 00:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/25 23:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sampson\Local Settings
    [2010/09/25 23:53:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/25 23:51:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/25 23:51:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/25 23:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010/09/25 23:46:02 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Sampson\Application Data
    [2010/09/25 23:44:25 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Sampson\Recent
    [2010/09/25 23:12:15 | 003,854,099 | R--- | M] () -- C:\Documents and Settings\Sampson\Desktop\ComboFix.exe
    [2010/09/25 23:02:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/25 22:56:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/25 22:56:48 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
    [2010/09/25 22:56:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/25 22:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/25 22:56:00 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
    [2010/09/25 22:56:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
    [2010/09/25 22:55:53 | 005,365,750 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
    [2010/09/25 22:53:18 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\tdsskiller.zip
    [2010/09/25 22:46:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe
    [2010/09/25 12:52:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe
    [2010/09/25 12:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/25 12:36:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sampson\Desktop\mbam-setup-1.46.exe
    [2010/09/25 11:51:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\dds.scr
    [2010/09/25 08:37:53 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    [2010/09/24 12:14:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Sampson\My Documents
    [2010/09/24 11:52:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sampson\Cookies
    [2010/09/23 10:39:06 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
    [2010/09/23 10:39:06 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/23 10:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Temp
    [2010/09/23 10:09:43 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/20 17:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\uTorrent
    [2010/09/19 23:04:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/17 13:26:37 | 000,000,000 | -HSD | M] -- C:\Program Files\AKProg
    [2010/09/17 13:25:13 | 000,000,788 | -HS- | M] () -- C:\WINDOWS\System\actualspystart.lnk
    [2010/09/16 03:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/16 03:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/09/16 03:05:07 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/09/14 18:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010/09/13 08:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Application Data\Mozilla
    [2010/09/10 02:26:52 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/05 23:22:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/09/05 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
    [2010/09/05 23:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/09/05 03:53:00 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/03 13:46:01 | 000,366,787 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\JeffSuit.png
    [2010/09/01 08:49:22 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/01 08:49:22 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/01 08:49:21 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/25 00:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2010/08/23 11:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/08/22 11:21:43 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2010/08/22 11:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/08/12 03:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/08/12 03:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/08/04 14:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/08/04 14:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2010/08/03 03:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/08/03 03:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/03 03:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/07/30 14:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Google
    [2010/07/27 23:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/07/26 01:13:05 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Sampson\Start Menu
    [2010/07/26 01:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\WebCam
    [2010/07/19 03:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Microsoft
    [2010/07/16 00:59:19 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents
    [2010/07/16 00:59:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/07/15 22:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2010/07/15 22:47:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2010/07/15 22:46:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
    [2010/07/13 00:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/07/05 14:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
    [2010/07/05 14:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
    [2010/07/05 14:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010/06/29 07:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
    [2010/04/19 06:22:01 | 000,060,592 | ---- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/16 21:42:13 | 000,005,328 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\hpx1xUoQ03
    [2010/04/16 21:42:13 | 000,005,328 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hpx1xUoQ03
    [2010/04/16 21:42:02 | 000,005,396 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\1508699692
    [2010/04/16 21:42:02 | 000,005,396 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1508699692
    [2010/04/14 06:19:30 | 000,001,164 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Fm8hV5
    [2010/04/14 06:19:30 | 000,001,164 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Fm8hV5
    [2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\Sn5p4E4Q
    [2010/04/10 13:25:16 | 000,016,488 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Sn5p4E4Q
    [2010/04/10 11:47:23 | 000,016,508 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sn5p4E4Q
    [2009/01/20 06:04:10 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sampson\Application Data\desktop.ini
    [2009/01/20 06:04:10 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/26 00:37:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    [2010/09/26 00:34:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sampson\Desktop\OTL.exe
    [2010/09/26 00:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/25 23:53:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/25 23:51:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/25 23:51:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/25 23:12:15 | 003,854,099 | R--- | M] () -- C:\Documents and Settings\Sampson\Desktop\ComboFix.exe
    [2010/09/25 23:02:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/25 22:56:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/25 22:56:48 | 000,000,718 | ---- | M] () -- C:\WINDOWS\System\akstart.lnk
    [2010/09/25 22:56:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/25 22:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/25 22:56:34 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/25 22:56:00 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Sampson\NTUSER.DAT
    [2010/09/25 22:56:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sampson\ntuser.ini
    [2010/09/25 22:55:53 | 005,365,750 | -H-- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\IconCache.db
    [2010/09/25 22:53:18 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\tdsskiller.zip
    [2010/09/25 22:46:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\MBRCheck.exe
    [2010/09/25 12:52:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\x0he7ik5.exe
    [2010/09/25 12:36:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sampson\Desktop\mbam-setup-1.46.exe
    [2010/09/25 11:51:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\dds.scr
    [2010/09/25 08:37:53 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    [2010/09/23 10:39:06 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\Google Chrome.lnk
    [2010/09/23 10:39:06 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Sampson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/23 10:09:43 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Sampson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/19 23:04:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/17 13:25:13 | 000,000,788 | -HS- | M] () -- C:\WINDOWS\System\actualspystart.lnk
    [2010/09/16 03:06:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/16 03:05:07 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/09/10 02:26:52 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/10 02:26:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/09/05 03:53:00 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/03 13:46:01 | 000,366,787 | ---- | M] () -- C:\Documents and Settings\Sampson\Desktop\JeffSuit.png
    [2010/09/01 08:49:22 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/01 08:49:22 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/01 08:49:21 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Sampson\Desktop\*.tmp files -> C:\Documents and Settings\Sampson\Desktop\*.tmp -> ]

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 16:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 03:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 03:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 03:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 03:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 03:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 03:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 03:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  21. 2010/09/25
    wealthymike
    OTL Extras logfile created on: 9/26/2010 12:38:06 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Sampson\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,012.00 Mb Total Physical Memory | 480.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 143.20 Gb Total Space | 115.77 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ACER-E817FAE0D8
    Current User Name: Sampson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5910:TCP" = 5910:TCP:*:Enabled:vnc5910

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sampson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Sampson\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B38A008F-21AA-4478-AE9C-D53976959F6E}" = Qualcomm Gobi Driver Package
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F943FB25-4CC8-4EDD-A498-D6688466AFA7}" = Qualcomm Gobi Images
    "{FDCBB7C3-57ED-4A6C-849F-E66026CE918A}" = Acer 3G Connection Manager
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Actual Keylogger_is1" = Actual Keylogger 2.3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CrossLoop_is1" = CrossLoop 2.71
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/25/2010 7:56:46 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 489
    Description = wuauclt (2792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 9/25/2010 7:56:46 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 455
    Description = wuaueng.dll (2792) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/25/2010 7:57:36 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 489
    Description = wuauclt (1380) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 9/25/2010 7:57:36 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 455
    Description = wuaueng.dll (1380) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/25/2010 7:57:46 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 489
    Description = wuauclt (1380) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 9/25/2010 7:57:46 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 455
    Description = wuaueng.dll (1380) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/25/2010 7:58:21 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 489
    Description = wuauclt (3004) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 9/25/2010 7:58:21 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 455
    Description = wuaueng.dll (3004) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 9/25/2010 7:58:31 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 489
    Description = wuauclt (3004) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 9/25/2010 7:58:31 PM | Computer Name = ACER-E817FAE0D8 | Source = ESENT | ID = 455
    Description = wuaueng.dll (3004) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    [ System Events ]
    Error - 9/25/2010 8:55:40 PM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 9/25/2010 8:55:40 PM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 9/25/2010 10:44:37 PM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 9/25/2010 10:44:37 PM | Computer Name = ACER-E817FAE0D8 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 9/25/2010 10:45:54 PM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Background Intelligent Transfer
    Service service, but this action failed with the following error: %%1056

    Error - 9/25/2010 10:45:54 PM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 9/25/2010 10:55:49 PM | Computer Name = ACER-E817FAE0D8 | Source = Microsoft Antimalware | ID = 2001
    Description = %%861 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.91.399.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error
    code: 0x80070643 Error description: Fatal error during installation.

    Error - 9/25/2010 10:55:59 PM | Computer Name = ACER-E817FAE0D8 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
    (Definition 1.91.612.0).

    Error - 9/25/2010 10:56:53 PM | Computer Name = ACER-E817FAE0D8 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
    the volume.

    Error - 9/25/2010 11:12:48 PM | Computer Name = ACER-E817FAE0D8 | Source = Service Control Manager | ID = 7034
    Description = The CrossLoop Service service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     