
Solved Problems when booting up [Rootkit]

Discussion in 'Malware and Virus Removal Archive' started by Caveman, 2011/02/06.

  1. 2011/02/07
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    It is getting as far as 'Press any key to boot from CD', but when I do press a key, it freezes.
    The read light on the drive isn't even flashing.
     
  2. 2011/02/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Was the drive working before?
     


  4. 2011/02/07
    Caveman

    Yes. Right, we've just had a 15 minute power failure and my PC has booted up again. It does not appear to have saved a log file, so I will run it again then post the log files.
    Thanks for your help so far - I'm truly grateful.
     
  5. 2011/02/07
    Caveman

    Ok, the Combofix has completed and the logfile has saved. There were a few problems when it rebooted the system. It came back on with no internet connection, so I tried to reboot as stated. Once again, it will not start. So, I can't post the log files yet. I will try again in the morning.
    The one thing that I did notice was when it did reboot, the date and time were reset to 00:00 on 1 Jan 2006 - the ComboFix log also noted that as date and time.
     
  6. 2011/02/07
    broni

    Keep me posted on your progress.
    We may have some other issues on top of an infection.
     
  7. 2011/02/08
    Caveman

    It won't start this morning. I will try again this evening after work & keep you posted.
     
  8. 2011/02/08
    broni

    OK. Going to bed anyway :)
    When you have a chance, let me know what exactly happens when you try to start it.
     
  9. 2011/02/08
    Caveman

    Ok. I finally got my PC up and running, but there is no internet. My Wireless Manager & Wireless Connection both seem fine, but it will not pick up my network. Might Combofix have something to do with this? Anyway, here are the logs via the laptop....

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xF62B1000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 9891840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6397952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 266.58 )
    0xF3C20000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4599808 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF735C000 PCI_PNP8050 995328 bytes
    0xF735C000 spoy.sys 995328 bytes
    0xF735C000 sptd 995328 bytes
    0xF71F8000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xF37BE000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
    0xF38FC000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF61AB000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xF3B48000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB7011000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xF3839000 C:\WINDOWS\system32\DRIVERS\RTL8187B.sys 344064 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
    0xF38B5000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB69F1000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF7316000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB743E000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF71CB000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xF3995000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF396C000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 167936 bytes (Trusteer Ltd., RapportPG)
    0xF3AD2000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF3B22000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF6231000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xF3BFC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6256000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF627A000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xF3AB0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF72AE000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF72E6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF71B1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF72CE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF37A6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xAF1A3000 C:\DOCUME~1\STUART~1\LOCALS~1\Temp\fxrcypog.sys 98304 bytes
    0xF7344000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB7AAB000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
    0xF7285000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF621A000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB7401000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF629D000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xF3BA1000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF729C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7305000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6209000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF6C90000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7650000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7680000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF7550000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF7690000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF7780000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF7730000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7660000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB789B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF7720000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7560000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF75D0000 RapportKELL.sys 57344 bytes (Trusteer Ltd., RapportKE)
    0xF77A0000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0xF75B0000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF76A0000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7590000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF6C70000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xF7670000 C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys 49152 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
    0xF76C0000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF77B0000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7640000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF7580000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF76B0000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7750000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
    0xB7BEA000 C:\WINDOWS\system32\DRIVERS\EAPPkt.sys 40960 bytes (Windows (R) 2000 DDK provider, NDIS User mode I/O Driver)
    0xF7570000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7700000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF76E0000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF75A0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF6C80000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF7630000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF76D0000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF7770000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xA5E58000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF7760000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF75C0000 xfilt.sys 36864 bytes (VIA Technologies,Inc, ATA/ATAPI devices hot-plug monitor)
    0xF7950000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
    0xF7830000 C:\WINDOWS\system32\drivers\npf.sys 32768 bytes (CACE Technologies, npf)
    0xF78D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF78E8000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys 32768 bytes (Trusteer Ltd., RapportCerberus)
    0xF7930000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF7858000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF77E0000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
    0xF78C0000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7940000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xB72E3000 C:\DOCUME~1\STUART~1\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xF77D0000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF78F8000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
    0xF7888000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7890000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF7850000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF78C8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7938000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
    0xB730B000 C:\WINDOWS\System32\Drivers\AFGSp50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
    0xF78E0000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
    0xF78D0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF77D8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7878000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7880000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7870000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7828000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF39C0000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF7169000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB7CAE000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB221B000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys 16384 bytes (Trusteer Ltd., RapportIaso)
    0xF7179000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB7E02000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
    0xF7960000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF389D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF39C8000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF38B1000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF7175000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF7A3C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7AB2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7B0C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF7AB0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7A50000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7AB4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7AB6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7A9C000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7A56000 C:\WINDOWS\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7A54000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7A52000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7C2E000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7BF3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7B9E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7B18000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x873D71F8 unknown_irp_handler 3592 bytes
    0x8713D1F8 unknown_irp_handler 3592 bytes
    0x873681F8 unknown_irp_handler 3592 bytes
    0x86C701F8 unknown_irp_handler 3592 bytes
    0x86C521F8 unknown_irp_handler 3592 bytes
    0x870D7500 unknown_irp_handler 2816 bytes
    0x870ED500 unknown_irp_handler 2816 bytes
    0x86C3D500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
     
  10. 2011/02/08
    Caveman

    Now the Combofix log...

    ComboFix 11-02-06.02 - Stuart Brodie 07/02/2011 21:58:39.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.567 [GMT 0:00]
    Running from: c:\documents and settings\Stuart Brodie\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\page
    c:\documents and settings\All Users\Application Data\page\page.ico
    c:\documents and settings\All Users\Application Data\page\page.URL
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Stuart Brodie\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Stuart Brodie\Error.log
    c:\documents and settings\Stuart Brodie\Favorites\Games.url
    c:\program files\Common Files\Temp
    c:\program files\Common Files\Temp\Magic Academy II SETUP.exe
    c:\program files\Common Files\Temp\unins000.dat
    c:\program files\Common Files\Temp\unins000.exe
    c:\program files\INSTALL.LOG
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\windows\ndl.dl
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2005-12-01 to 2006-01-01 )))))))))))))))))))))))))))))))
    .

    2011-01-18 15:32 . 2011-01-18 15:32 -------- d-----w- C:\NVIDIA
    2010-10-12 16:40 . 2010-10-23 12:54 -------- d-----w- C:\full version games
    2010-10-12 16:28 . 2010-10-17 12:41 -------- d-----w- C:\Westwood
    2010-08-01 16:31 . 2010-08-01 16:31 -------- d-----w- C:\Nexon
    2010-06-09 13:01 . 2010-06-09 13:02 -------- d-----w- C:\74cb28dc27f73871256603b9ca
    2010-06-09 11:31 . 2010-06-09 12:03 -------- d-----w- C:\4b9b9d8060099f6795dc8bc8
    2010-06-09 11:31 . 2010-06-09 12:01 -------- d-----w- C:\cd350e8c21c6926501311f24c119
    2010-06-09 08:30 . 2010-06-09 12:03 -------- d-----w- C:\d3c5d6b4226ad375572120ed
    2010-04-27 18:52 . 2010-12-06 07:40 -------- d-----w- C:\ProgramData
    2010-03-01 18:04 . 2010-03-01 18:08 17408 ----a-w- C:\psapi.dll
    2010-02-21 10:20 . 2003-03-18 21:20 1060864 ----a-w- C:\mfc71.dll
    2010-02-14 08:48 . 2010-02-14 08:48 -------- d-----w- C:\Sierra
    2010-02-13 20:00 . 2010-02-13 20:00 -------- d-----w- C:\VJVod_Cache
    2010-02-06 16:29 . 2010-02-06 16:30 -------- d-----w- C:\d6fe78b246c18f981d6ff010264dbe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 14:52 . 2003-03-31 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2003-03-31 12:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2003-03-31 12:00 1853312 ------w- c:\windows\system32\win32k.sys
    2010-09-18 11:23 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2003-03-31 12:00 974848 ------w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2003-03-31 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2003-03-31 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-08-27 08:02 . 2003-03-31 12:00 119808 ------w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2003-03-31 12:00 99840 ------w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2003-03-31 12:00 357248 ------w- c:\windows\system32\drivers\srv.sys
    2010-08-23 16:12 . 2003-03-31 12:00 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2003-03-31 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-16 12:05 . 2003-03-31 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
    2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-18 17:45 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2010-06-17 14:03 . 2003-03-31 12:00 80384 ------w- c:\windows\system32\iccvid.dll
    2010-06-15 16:17 . 2003-03-31 12:00 143422 ------w- c:\windows\system32\l3codecx.ax
    2010-06-14 14:31 . 2010-02-04 21:46 744448 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-04-27 13:59 . 2003-03-31 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-04-27 13:05 . 2002-08-29 01:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-04-16 15:36 . 2003-03-31 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
    2010-03-29 23:52 . 2003-03-31 12:00 262416 ------w- c:\windows\system32\mpg4ds32.ax
    2010-03-10 06:15 . 2003-03-31 12:00 420352 ------w- c:\windows\system32\vbscript.dll
    2010-03-05 14:37 . 2003-03-31 12:00 65536 ------w- c:\windows\system32\asycfilt.dll
    2010-02-24 13:11 . 2003-03-31 12:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-12 04:33 . 2003-03-31 12:00 100864 ------w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2003-03-31 12:00 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
    2010-01-29 14:43 . 2003-03-31 12:00 307260 ------w- c:\windows\system32\l3codeca.acm
    2010-01-13 14:01 . 2003-03-31 12:00 86016 ------w- c:\windows\system32\cabview.dll
    2009-12-24 06:59 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2009-12-14 07:08 . 2003-03-31 12:00 33280 ------w- c:\windows\system32\csrsrv.dll
    2009-11-27 16:07 . 2003-03-31 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ------w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2003-03-31 12:00 84992 ------w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2003-03-31 12:00 11264 ------w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 48128 ------w- c:\windows\system32\iyuv_32.dll
    2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2009-10-21 05:38 . 2004-08-04 07:56 75776 ------w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 07:56 25088 ------w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-15 16:28 . 2003-03-31 12:00 81920 ------w- c:\windows\system32\fontsub.dll
    2009-10-13 10:30 . 2003-03-31 12:00 270336 ------w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2003-03-31 12:00 149504 ------w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2003-03-31 12:00 79872 ------w- c:\windows\system32\raschap.dll
    2009-10-08 14:57 . 2003-03-31 12:00 220160 ------w- c:\windows\system32\oleacc.dll
    2009-10-08 14:56 . 2003-03-31 12:00 20480 ------w- c:\windows\system32\oleaccrc.dll
    2009-09-11 14:18 . 2003-03-31 12:00 136192 ------w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2003-03-31 12:00 58880 ------w- c:\windows\system32\msasn1.dll
    2009-09-01 14:46 . 2003-03-31 12:00 282654 ------w- c:\windows\system32\msaud32.acm
    2009-08-26 08:00 . 2003-03-31 12:00 247326 ------w- c:\windows\system32\strmdll.dll
    2009-08-06 19:24 . 2003-03-31 12:00 96480 ------w- c:\windows\system32\cdm.dll
    2009-07-17 19:01 . 2003-03-31 12:00 58880 ------w- c:\windows\system32\atl.dll
    2009-07-17 16:22 . 2003-03-31 12:00 1435648 ------w- c:\windows\system32\query.dll
    2009-07-13 23:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
    2009-06-25 08:25 . 2003-03-31 12:00 730112 ------w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2003-03-31 12:00 56832 ------w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2003-03-31 12:00 54272 ------w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2003-03-31 12:00 301568 ------w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2003-03-31 12:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-12 12:31 . 2003-03-31 12:00 76288 ------w- c:\windows\system32\telnet.exe
    2009-06-10 06:14 . 2003-03-31 12:00 132096 ------w- c:\windows\system32\wkssvc.dll
    2009-05-07 15:32 . 2003-03-31 12:00 345600 ------w- c:\windows\system32\localspl.dll
    2009-04-01 23:02 . 2004-08-04 07:56 604160 ------w- c:\windows\system32\wmspdmod.dll
    2009-03-08 04:33 . 2003-03-31 12:00 18944 ------w- c:\windows\system32\corpol.dll
    2009-03-08 04:32 . 2003-03-31 12:00 72704 ------w- c:\windows\system32\admparse.dll
    2009-03-08 04:32 . 2003-03-31 12:00 71680 ------w- c:\windows\system32\iesetup.dll
    2009-03-08 04:31 . 2003-03-31 12:00 34816 ------w- c:\windows\system32\imgutil.dll
    2009-03-08 04:31 . 2003-03-31 12:00 48128 ------w- c:\windows\system32\mshtmler.dll
    2009-03-08 04:31 . 2003-03-31 12:00 45568 ------w- c:\windows\system32\mshta.exe
    2009-03-08 04:31 . 2003-03-31 12:00 1638912 ------w- c:\windows\system32\mshtml.tlb
    2009-03-08 04:30 . 2003-03-31 12:00 66560 ------w- c:\windows\system32\tdc.ocx
    2009-03-08 04:22 . 2003-03-31 12:00 156160 ------w- c:\windows\system32\msls31.dll
    2009-03-06 14:22 . 2003-03-31 12:00 284160 ------w- c:\windows\system32\pdh.dll
    2009-02-27 04:56 . 2003-03-31 12:00 177152 ------w- c:\windows\system32\msctfime.ime
    2009-02-09 12:10 . 2003-03-31 12:00 714752 ------w- c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2003-03-31 12:00 617472 ------w- c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2003-03-31 12:00 401408 ------w- c:\windows\system32\rpcss.dll
    2009-02-06 11:11 . 2003-03-31 12:00 110592 ------w- c:\windows\system32\services.exe
    2009-02-06 10:39 . 2003-03-31 12:00 35328 ------w- c:\windows\system32\sc.exe
    2008-10-23 12:36 . 2003-03-31 12:00 286720 ------w- c:\windows\system32\gdi32.dll
    2008-09-17 20:17 . 2000-05-22 16:58 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2008-08-14 10:04 . 2003-03-31 12:00 138496 ------w- c:\windows\system32\drivers\afd.sys
    2008-07-07 20:26 . 2003-03-31 12:00 253952 ------w- c:\windows\system32\es.dll
    2008-06-24 16:43 . 2003-03-31 12:00 74240 ------w- c:\windows\system32\mscms.dll
    2008-06-20 17:46 . 2003-03-31 12:00 245248 ------w- c:\windows\system32\mswsock.dll
    2008-06-20 11:51 . 2003-03-31 12:00 361600 ------w- c:\windows\system32\drivers\tcpip.sys
    2008-06-18 05:03 . 2003-03-31 12:00 938496 ------w- c:\windows\system32\WMNetmgr.dll
    2008-06-18 01:09 . 2003-03-31 12:00 100864 ------w- c:\windows\system32\logagent.exe
    2008-06-13 11:05 . 2004-08-04 06:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2008-06-12 14:23 . 2003-03-31 12:00 66560 ------w- c:\windows\system32\mtxclu.dll
    2008-05-09 23:23 . 2003-03-31 12:00 135168 ------w- c:\windows\system32\wshom.ocx
    2008-05-09 10:53 . 2003-03-31 12:00 90112 ------w- c:\windows\system32\wshext.dll
    2008-05-09 10:53 . 2003-03-31 12:00 172032 ------w- c:\windows\system32\scrrun.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "igndlm.exe "= "c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-07-05 16380416]
    "Wireless Manager "= "c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Name of App "= "c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 76304]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "TkBellExe "= "c:\program files\real\realplayer\update\realsched.exe" [2010-12-22 274608]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    "ctfmon.exe "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-2 805392]
    Micronet SP907GK Wireless Network Utility.lnk - c:\program files\Micronet SP907GK Wireless Network Utility\RtWLan.exe [2010-2-6 794624]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameShadow]
    2010-08-04 23:18 667928 ----a-w- c:\program files\GameShadow\GameShadow.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe "=
    "c:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe "=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe "=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe "=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2 (2).exe "=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe "=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe "=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\GameShadow\\GameShadow.exe "=
    "c:\\Program Files\\GameShadow\\GSDownload.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe "=
    "c:\nexon\Combat Arms EU\CombatArms.exe "= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms EU\\NMService.exe "=
    "c:\\Program Files\\SopCast\\SopCast.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe "=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\nexon\Combat Arms EU\Engine.exe "= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/03/2010 20:27 691696]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 17:40 127352]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [06/02/2010 15:02 38144]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [29/08/2010 09:23 583640]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [06/02/2010 16:49 342784]
    S0 SahdIa32;HDD Filter Driver;c:\windows\system32\Drivers\SahdIa32.sys --> c:\windows\system32\Drivers\SahdIa32.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/04/2010 16:25 136176]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [06/02/2010 12:17 26752]
    S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
    S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\21923\RapportIaso.sys [27/12/2010 14:47 12928]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31/03/2003 12:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 13:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2006-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 16:25]

    2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 16:25]

    2006-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-117609710-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]

    2011-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-117609710-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    FF - ProfilePath - c:\documents and settings\Stuart Brodie\Application Data\Mozilla\Firefox\Profiles\zigbgyy8.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: PlaySushi TextLinks : textlinks@playsushi.com - %profile%\extensions\textlinks@playsushi.com
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    .
    .
    ------- File Associations -------
    .
    .txt=NFOPad
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Ancient Rome1.0 - c:\program files\Games\uninstall.exe
    AddRemove-Build A Lot1.0 - c:\program files\Games\uninstall.exe
    AddRemove-Every Day Genius Square Logic1.0 - c:\program files\Games\uninstall.exe
    AddRemove-I Spy Mystery1.0 - c:\program files\Games\uninstall.exe
    AddRemove-Magic Academy II_is1 - c:\program files\Common Files\Temp\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2006-01-01 00:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1935655697-117609710-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:6c,a3,cf,f9,f8,64,2d,bb,f3,5b,08,32,63,76,eb,61,62,cf,bd,e2,d8,51,f1,
    97,51,1a,01,a8,31,73,d4,fa,76,cb,ca,83,19,03,3c,9b,9e,23,46,a8,c0,8d,41,9d,\
    "?? "=hex:c9,f4,9d,d7,7c,bf,d2,b6,a0,55,4e,c9,16,1e,a9,d0

    [HKEY_USERS\S-1-5-21-1935655697-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu "=hex:62,d3,11,89,c9,0f,7a,35,86,10,0a,69,af,fc,02,db,11,8f,8f,6b,5b,
    2b,7d,48,6b,28,8f,c5,07,f2,b1,1c,1e,82,03,30,7b,6d,0b,39,be,18,36,e9,c3,e0,\
    "rkeysecu "=hex:e4,45,6a,54,fc,80,6b,74,6d,f6,ee,7e,db,4a,57,51

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2528)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\dfshim.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvsvc32.exe
    c:\program files\Virgin Broadband Wireless\AffinegyService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Virgin Broadband Wireless\ndis_events.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2006-01-01 00:12:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2006-01-01 00:12

    Pre-Run: 61,847,408,640 bytes free
    Post-Run: 64,718,295,040 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 63832A3D420A9A669D06CB5DA32A416A
     
  11. 2011/02/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks clean now.

    Let's check your connection issue...

    Did you try to hardwire your computer to the router?

    1. Go Start>Run ("Start search" in Vista and Win 7), type in:
    cmd
    Click OK (hit Enter in Vista and Win 7).

    2. At Command Prompt type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

    =========================================================================

    1. Go Start>Run ("Start search" in Vista and Win 7), type in:
    cmd
    Click OK (hold CTRL and SHIFT keys and press Enter in Vista and Win 7).

    2. At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    3. Copy and paste what you see in Notepad into a Reply here.
     
  12. 2011/02/09
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    I'm not able to hardwire the computer - the dog chewed the cable and the pc is in a different room.
    I've copied the 2......
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Stuart Brodie>
    C:\Documents and Settings\Stuart Brodie>

    The process cannot access the file because it is being used by another process.

    __________________________________________________________________________


    Windows IP Configuration



    Host Name . . . . . . . . . . . . : irongiant

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Broadcast

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection 2:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

    Physical Address. . . . . . . . . : 00-19-DB-29-81-97



    Ethernet adapter Wireless Network Connection 2:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter

    Physical Address. . . . . . . . . : 00-11-3B-17-C5-D7



    I'm very reluctant at the moment to try to reboot again, but if you think that might help, I'll give it a try.
     
  13. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Where is the above message from?

    Do you have any errors in Device Manager regarding network adapters?
     
  14. 2011/02/09
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    Sorry - I copied that from the black box after I entered the line you stated.
    Device manager shows all adapters working properly.
     
  15. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try some basic steps....

    Make sure your computer is set to obtain an IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
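An added example, not part of broni's reply or of any tool named in this thread: a small Python script that parses `ipconfig /all` output in the XP/Vista/7 format (like the output posted earlier in the thread) and reports, per adapter, whether the problem is at the link layer or at the TCP/IP configuration layer. The point it makes is that the `ipconfig /release`, `/renew` and DNS resets in the steps above only help once an adapter actually has link; an adapter reporting "Media disconnected" needs the cable, radio or driver checked first. The sample text is constructed, with placeholder MAC addresses.

```python
"""Classify adapters from `ipconfig /all` text and say which fixes can apply.

Added example. SAMPLE_DISCONNECTED is constructed to mirror the thread's output
(placeholder MACs); SAMPLE_OK is a constructed healthy XP adapter for contrast.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Adapter section headers look like "Ethernet adapter Local Area Connection 2:"
_ADAPTER_RE = re.compile(r"^\s*(.*adapter .*):\s*$", re.IGNORECASE)
# Field lines look like "Physical Address. . . . . . . . . : 00-19-DB-..."
_FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-/()]*?)[ .]*:\s*(.*)$")


@dataclass
class Adapter:
    name: str
    fields: dict = field(default_factory=dict)

    @property
    def media_disconnected(self) -> bool:
        # XP/Vista/7 print this line only when the adapter has no link
        return self.fields.get("Media State", "").lower().startswith("media disconnected")

    @property
    def ip_address(self) -> str:
        # XP prints "IP Address"; Vista/7 print "IPv4 Address ...(Preferred)"
        raw = self.fields.get("IP Address") or self.fields.get("IPv4 Address") or ""
        return raw.split("(")[0].strip()


def parse_ipconfig_all(text: str) -> list[Adapter]:
    """Split ipconfig /all output into adapters; host-level fields are skipped."""
    adapters: list[Adapter] = []
    current: Adapter | None = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _ADAPTER_RE.match(line)
        if m:
            current = Adapter(m.group(1).strip())
            adapters.append(current)
            continue
        if current is None:
            continue  # "Windows IP Configuration" block (Host Name, Node Type...)
        m = _FIELD_RE.match(line)
        if m:
            current.fields[m.group(1).strip()] = m.group(2).strip()
    return adapters


def diagnose(adapters: list[Adapter]) -> list[str]:
    """One finding per adapter, plus a verdict when nothing has link at all."""
    findings = []
    for a in adapters:
        if a.media_disconnected:
            findings.append(f"{a.name}: media disconnected (no link); DHCP/DNS "
                            "resets cannot help, check cable, radio or driver")
        elif not a.ip_address:
            findings.append(f"{a.name}: link up but no IP address; DHCP problem, "
                            "try ipconfig /release and /renew")
        elif not a.fields.get("Default Gateway"):
            findings.append(f"{a.name}: has IP but no default gateway; check router")
        else:
            findings.append(f"{a.name}: configured ({a.ip_address})")
    if not adapters:
        findings.append("VERDICT: no adapter sections found in the output")
    elif all(a.media_disconnected for a in adapters):
        findings.append("VERDICT: every adapter reports media disconnected; this is "
                        "a layer-1/2 problem, not a TCP/IP configuration problem")
    return findings


SAMPLE_DISCONNECTED = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : irongiant
        Node Type . . . . . . . . . . . . : Broadcast

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-01

Ethernet adapter Wireless Network Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-02
"""

SAMPLE_OK = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-00-00-00-00-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
"""

if __name__ == "__main__":
    for sample in (SAMPLE_DISCONNECTED, SAMPLE_OK):
        print("\n".join(diagnose(parse_ipconfig_all(sample))), "\n")
```

On a live machine, pipe the real output in instead of the sample: `ipconfig /all > c:\ipconfig_all.txt` and read that file.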
     
  16. 2011/02/09
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    I've got as far as the second step, but still nothing. I rebooted and had more trouble getting it to start - I had to keep resetting the power for about 5 minutes.
    My Wireless Manager box is telling me that it cannot find my network, yet the laptop right next to it is working fine.
    I will continue with the other steps, but I know I'm going to have problems on the various rebooting steps.
    Might reinstalling Windows instead cure this problem?
     
  17. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As I mentioned earlier, you may have some other issues. Hardware?
    At this point, your computer should be pretty much malware free.
     
  18. 2011/02/09
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    I've done step 3, rebooted and....it won't boot up. I'm beginning to think that there is a hardware problem as well (motherboard?)
    Once (if) I get it back up, I'll try the next step, but I am thinking that it may have to go to a shop.
     
  19. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Keep me posted...
     
  20. 2011/02/12
    Caveman

    Caveman Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    36
    Likes Received:
    0
    I have completed all the steps you listed, but still no connection.
    The Dial-a-Fix brought up a number of errors, but according to their forums the error 127 codes I got are due to the program not recognizing IE8.

    The last thing I can think of is maybe to try and re-install my ISP's wireless manager program.
     
  21. 2011/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run both commands from my reply #30.

    You may also try to uninstall/reinstall wireless adapter driver.

    It'd also be helpful if you could get some ethernet cable and see if a wired connection works.
     
