Solved trojan / "Object is inaccessible."

I am just wondering if Spybot tea-Timer might not have something to do with this.
It has a very bad habit of re-instating entries that have been removed, be they good or bad.
Only way to find out is to uninstall Spybot and reboot. Then download the latest OTL and Combofix and run them.
May not be the case, but it has got me before .

 

ok wll give it a try as u said spybot dont do that much anyways

 

here we go here is OTL log
OTL logfile created on: 8/8/2010 8:07:59 PM - Run 6
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 17.03 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 35.31 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8WI9D3OO4Q
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2010/07/22 17:18:09 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/17 09:29:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 09:29:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 09:29:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 09:28:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 09:28:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe


========== Modules (SafeList) ==========

MOD - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/11/06 08:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/26 17:02:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 02:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/19 13:04:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/07 13:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]

[2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/07 09:49:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {81fdd779-57e9-0539-b8cd-d06cb867e3fd} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/08 20:06:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/08 09:38:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/07 09:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/05 17:22:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/05 17:22:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/05 17:22:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/05 17:22:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/05 17:21:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/04 21:17:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2010/08/03 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/03 20:32:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/03 20:18:49 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2010/08/03 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\GooredFix Backups
[2010/08/03 16:44:44 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
[2010/07/31 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
[2010/07/31 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/27 20:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/26 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/25 10:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/23 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/23 22:48:04 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/23 22:48:04 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/23 21:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2010/07/22 19:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 19:16:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uealgoipr
[2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/21 20:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\xetblruxy
[2010/07/21 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
[2010/07/21 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/17 17:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\videos
[2010/07/17 09:29:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 15:37:41 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
[2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
[2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
[2010/07/11 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\hl
[2010/07/06 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Folder
[2010/07/03 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
[2010/06/26 13:59:32 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/06/26 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/06/26 13:58:52 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/06/26 13:58:51 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/06/26 13:58:49 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/06/26 13:58:48 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/06/26 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/06/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/06/06 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/05/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/18 19:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/05/18 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\E52
[2010/05/18 18:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Nokia
[2010/05/18 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\NokiaAccount

========== Files - Modified Within 90 Days ==========

[2010/08/08 20:07:40 | 003,816,974 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/08 20:02:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/08 20:02:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 20:02:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/08 20:02:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 20:01:14 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
[2010/08/08 20:01:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
[2010/08/08 20:01:09 | 004,312,490 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
[2010/08/08 19:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 19:12:11 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2010/08/08 17:56:23 | 063,049,242 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/08 09:41:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2010/08/07 14:34:13 | 000,093,580 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
[2010/08/07 09:51:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/07 09:49:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/05 16:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/04 21:13:25 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 20:32:01 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
[2010/08/03 16:44:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
[2010/08/01 16:22:40 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
[2010/07/31 22:19:59 | 048,022,216 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
[2010/07/27 20:51:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/26 18:15:26 | 000,051,334 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
[2010/07/25 13:55:50 | 000,109,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
[2010/07/25 13:50:37 | 000,108,120 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
[2010/07/25 13:03:41 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
[2010/07/23 22:17:42 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2010/07/23 16:46:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2010/07/22 21:24:58 | 000,001,165 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2010/07/19 21:48:49 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
[2010/07/19 14:58:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/19 12:39:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/17 13:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 09:29:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/16 16:07:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2010/07/16 15:57:08 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2010/07/15 16:18:27 | 001,778,547 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
[2010/07/08 16:27:49 | 004,054,198 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
[2010/07/05 13:02:21 | 000,058,257 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
[2010/07/05 12:59:28 | 000,097,912 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
[2010/07/05 12:41:36 | 000,064,813 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
[2010/07/05 12:08:43 | 000,074,169 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
[2010/07/05 11:48:23 | 000,181,419 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
[2010/07/05 11:48:18 | 000,170,467 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
[2010/07/04 16:18:41 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/07/04 13:43:13 | 004,744,640 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
[2010/07/03 14:59:56 | 006,778,880 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
[2010/07/02 14:13:11 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/06/26 14:29:51 | 000,506,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/26 14:29:51 | 000,425,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/26 14:29:51 | 000,071,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/26 14:28:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/12 13:39:49 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/06 11:50:20 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/03 11:27:34 | 000,032,397 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
[2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/05/14 15:38:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/08/08 20:07:14 | 003,816,974 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2010/08/08 19:12:10 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2010/08/08 09:42:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.exe
[2010/08/08 09:41:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2010/08/07 14:34:13 | 000,093,580 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
[2010/08/05 17:22:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/05 17:22:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/05 17:22:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/05 17:22:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/05 17:22:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/03 20:32:01 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
[2010/08/01 18:31:15 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
[2010/08/01 17:38:44 | 000,462,445 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.vbs
[2010/07/31 22:14:12 | 048,022,216 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
[2010/07/31 10:16:45 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.vbs
[2010/07/26 18:15:33 | 000,051,334 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
[2010/07/23 22:17:42 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2010/07/23 16:46:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2010/07/20 21:50:54 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Dave\avgrep.txt
[2010/07/20 20:45:14 | 000,012,395 | ---- | C] () -- C:\Documents and Settings\Dave\hs_err_pid3200.log
[2010/07/19 20:10:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
[2010/07/17 13:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/07/15 16:18:17 | 001,778,547 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
[2010/07/08 16:27:26 | 004,054,198 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
[2010/07/05 13:02:21 | 000,058,257 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
[2010/07/05 12:59:28 | 000,097,912 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
[2010/07/05 12:41:36 | 000,064,813 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
[2010/07/05 12:08:43 | 000,074,169 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
[2010/07/05 11:48:23 | 000,181,419 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
[2010/07/05 11:48:18 | 000,170,467 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
[2010/07/04 16:18:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/07/04 13:42:35 | 004,744,640 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
[2010/07/03 16:08:06 | 000,109,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
[2010/07/03 16:08:06 | 000,108,120 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
[2010/07/03 16:07:13 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
[2010/07/03 14:59:16 | 006,778,880 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
[2010/06/26 14:28:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/06/06 11:50:20 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/14 15:38:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/15 16:54:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/30 14:44:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2009/12/01 17:42:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2009/10/19 20:06:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/04 14:14:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/07/04 14:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/05/04 17:00:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/28 07:39:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/04/18 13:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 15:05:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/10 13:16:51 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/04/10 13:16:39 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/04/10 12:15:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2009/11/07 11:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/06 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/18 19:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/26 13:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/07/04 12:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/06 11:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/07/26 16:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/26 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 10:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/21 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
[2009/09/23 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/19 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
[2009/12/13 20:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IrfanView
[2010/08/08 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\LimeWire
[2009/08/03 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MoveFab
[2010/05/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia
[2010/06/06 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia Multimedia Player
[2010/04/01 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Opera
[2010/05/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PC Suite
[2010/07/21 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
< End of report >

 

and here is combofix log had to go to safe mode to run then came up as rootkill need to reboot then ran in normal mode :
ComboFix 10-08-07.02 - Dave 08/08/2010 21:29:59.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-07 23:37 . 2010-08-07 23:37 27386648 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_au.exe
2010-08-03 10:32 . 2010-08-03 11:21 -------- d-----w- c:\program files\trend micro
2010-08-03 10:32 . 2010-08-03 10:32 -------- d-----w- C:\rsit
2010-07-31 12:21 . 2010-08-01 01:06 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2010-07-31 11:06 . 2010-07-31 11:06 -------- d-----w- c:\program files\ESET
2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 10:01 . 2009-04-10 06:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-08 10:00 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 05:30 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
2010-08-07 23:28 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-03 09:04 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-31 05:56 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 05:53 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-31 05:53 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-25 03:03 . 2010-07-03 06:07 -------- d-----w- c:\program files\etax2010
2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService "=2 (0x2)
"AntiVirSchedulerService "=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 21:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A474B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=" "
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\WININET.dll
c:\windows\system32\MrvGINA.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-08 21:42:59
ComboFix-quarantined-files.txt 2010-08-08 11:42

Pre-Run: 18,493,939,712 bytes free
Post-Run: 18,589,687,808 bytes free

- - End Of File - - D1F1396D0C1D611E7B5ADDC1C284CE96

 

Hi crunchie after posting logs did a bit of web seaching on google and still getting redirected

 

The following is done with the expectancy that the listed programs have been uninstalled.
Spybot and Limewire being the two.

==

Run OTL

• Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
  
  
  Code:

  :Files
  c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
  c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
  c:\program files\Spybot - Search & Destroy
  c:\documents and settings\Dave\Application Data\LimeWire
  :OTL
  
  :Commands
  [emptyflash]
  [emptytemp]
  [resethosts]
  [Reboot]

• Then click the [color= "#FF0000"]Run Fix[/color] button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

Can you also try this;

Please download HelpAsst mebroot fix.exe by noahdfear and save to your desktop
Close out all other open programs and windows.
Double-click on it to run the tool and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, go to > Run..., and in the Open dialog box, type: helpasst -mbrt
Make sure you leave a space between helpasst -mbrt.
Click OK or press Enter.
HelpAsst fix will create and open a log when done.
Copy and paste the contents of that log into your next reply.
In the event the tool does not detect an mbr infection and completes, do this:
Go to > Run> in the Open dialog box type: mbr -f
Click OK or press Enter.
Now, please do the Start > Run > mbr -f command a second time.
Shut down the computer (do not restart, but shut it down). Wait about five minutes, then start it back up.
After restart go to > Run > in the Open dialog box, type: helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt.
Click OK or press Enter.
HelpAsst fix will create and open a log when done.
Copy and paste the contents of that log into your next reply.

 

hi here is fix log

All processes killed
========== FILES ==========
c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr folder moved successfully.
c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy folder moved successfully.
c:\program files\Spybot - Search & Destroy\Plugins folder moved successfully.
c:\program files\Spybot - Search & Destroy folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\xml\data folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\xml folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\uploads.dat folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\promotion folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\mozilla-profile folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\certificate folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser\xulrunner folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\browser folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
c:\documents and settings\Dave\Application Data\LimeWire folder moved successfully.
========== OTL ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Dave
->Flash cache emptied: 1096 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 503606 bytes
->Temporary Internet Files folder emptied: 164848 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 73754 bytes

Total Files Cleaned = 1.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 08092010_203347

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

here is otl scam log

OTL logfile created on: 8/9/2010 8:38:28 PM - Run 7
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 17.37 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 35.31 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8WI9D3OO4Q
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2010/07/22 17:18:09 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/17 09:29:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 09:29:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 09:29:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 09:28:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 09:28:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe


========== Modules (SafeList) ==========

MOD - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/11/06 08:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/26 17:02:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 02:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/19 13:04:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/07 13:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]

[2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/09 20:33:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 19:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\house pics
[2010/08/08 22:15:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2010/08/08 22:15:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/08 21:13:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/08 21:13:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/08 21:13:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/08 21:13:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/08 21:12:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/08 20:06:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/07 09:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/03 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/03 20:32:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/03 20:18:49 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2010/08/03 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\GooredFix Backups
[2010/08/03 16:44:44 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
[2010/07/31 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
[2010/07/31 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/27 20:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/26 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/25 10:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/23 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/23 22:48:04 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/23 22:48:04 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/23 21:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
[2010/07/22 19:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 19:16:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/21 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
[2010/07/21 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/17 17:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\videos
[2010/07/17 09:29:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 15:37:41 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
[2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
[2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
[2010/07/11 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\hl
[2010/07/06 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Folder
[2010/07/03 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
[2010/06/26 13:59:32 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/06/26 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/06/26 13:58:52 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/06/26 13:58:51 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/06/26 13:58:49 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/06/26 13:58:48 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/06/26 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/06/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/06/06 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/05/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/18 19:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/05/18 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\E52
[2010/05/18 18:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Nokia
[2010/05/18 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\NokiaAccount

========== Files - Modified Within 90 Days ==========

[2010/08/09 20:35:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/09 20:35:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/09 20:35:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 20:34:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 20:34:07 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
[2010/08/09 20:34:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
[2010/08/09 20:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 20:33:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/09 18:43:28 | 006,208,623 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Nieuwespitskk.wmv
[2010/08/09 17:37:04 | 063,098,205 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/08 22:16:05 | 004,841,772 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
[2010/08/08 21:39:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/08 21:11:44 | 003,816,974 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2010/08/08 19:12:11 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2010/08/08 09:41:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2010/08/07 14:34:13 | 000,093,580 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
[2010/08/05 16:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/04 21:13:25 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 20:32:01 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
[2010/08/03 16:44:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
[2010/08/01 16:22:40 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
[2010/07/31 22:19:59 | 048,022,216 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
[2010/07/27 20:51:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/26 18:15:26 | 000,051,334 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
[2010/07/25 13:55:50 | 000,109,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
[2010/07/25 13:50:37 | 000,108,120 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
[2010/07/25 13:03:41 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
[2010/07/23 22:17:42 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2010/07/23 16:46:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2010/07/22 21:24:58 | 000,001,165 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2010/07/19 21:48:49 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
[2010/07/19 14:58:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/19 12:39:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/17 13:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 09:29:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/16 16:07:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2010/07/16 15:57:08 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2010/07/15 16:18:27 | 001,778,547 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
[2010/07/08 16:27:49 | 004,054,198 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
[2010/07/05 13:02:21 | 000,058,257 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
[2010/07/05 12:59:28 | 000,097,912 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
[2010/07/05 12:41:36 | 000,064,813 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
[2010/07/05 12:08:43 | 000,074,169 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
[2010/07/05 11:48:23 | 000,181,419 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
[2010/07/05 11:48:18 | 000,170,467 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
[2010/07/04 16:18:41 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/07/04 13:43:13 | 004,744,640 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
[2010/07/03 14:59:56 | 006,778,880 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
[2010/07/02 14:13:11 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/06/26 14:29:51 | 000,506,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/26 14:29:51 | 000,425,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/26 14:29:51 | 000,071,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/26 14:28:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/12 13:39:49 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/06 11:50:20 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/03 11:27:34 | 000,032,397 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
[2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/05/14 15:38:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/08/09 18:43:28 | 006,208,623 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Nieuwespitskk.wmv
[2010/08/08 21:13:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/08 21:13:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/08 21:13:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/08 21:13:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/08 21:13:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/08 21:11:24 | 003,816,974 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2010/08/08 19:12:10 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
[2010/08/08 09:42:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.exe
[2010/08/08 09:41:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2010/08/07 14:34:13 | 000,093,580 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
[2010/08/03 20:32:01 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
[2010/08/01 18:31:15 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
[2010/08/01 17:38:44 | 000,462,445 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.vbs
[2010/07/31 22:14:12 | 048,022,216 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
[2010/07/31 10:16:45 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.vbs
[2010/07/26 18:15:33 | 000,051,334 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
[2010/07/23 22:17:42 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
[2010/07/23 16:46:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2010/07/20 21:50:54 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Dave\avgrep.txt
[2010/07/20 20:45:14 | 000,012,395 | ---- | C] () -- C:\Documents and Settings\Dave\hs_err_pid3200.log
[2010/07/19 20:10:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
[2010/07/17 13:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/07/15 16:18:17 | 001,778,547 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
[2010/07/08 16:27:26 | 004,054,198 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
[2010/07/05 13:02:21 | 000,058,257 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
[2010/07/05 12:59:28 | 000,097,912 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
[2010/07/05 12:41:36 | 000,064,813 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
[2010/07/05 12:08:43 | 000,074,169 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
[2010/07/05 11:48:23 | 000,181,419 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
[2010/07/05 11:48:18 | 000,170,467 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
[2010/07/04 16:18:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/07/04 13:42:35 | 004,744,640 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
[2010/07/03 16:08:06 | 000,109,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
[2010/07/03 16:08:06 | 000,108,120 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
[2010/07/03 16:07:13 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
[2010/07/03 14:59:16 | 006,778,880 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
[2010/06/26 14:28:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/06/06 11:50:20 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/14 15:38:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/15 16:54:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/30 14:44:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2009/12/01 17:42:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2009/10/19 20:06:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/04 14:14:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/07/04 14:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/05/04 17:00:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/28 07:39:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/04/18 13:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 15:05:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/10 13:16:51 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/04/10 13:16:39 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/04/10 12:15:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2009/11/07 11:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/06 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/18 19:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/06/26 13:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/07/04 12:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/06 11:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/07/26 16:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/26 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 10:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/21 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
[2009/09/23 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/19 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
[2009/12/13 20:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IrfanView
[2009/08/03 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MoveFab
[2010/05/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia
[2010/06/06 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia Multimedia Player
[2010/04/01 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Opera
[2010/05/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PC Suite
[2010/07/21 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
< End of report >

 

Hi crunchie the link for HelpAsst mebroot fix.exe wont open for me ??

 

Try this one;

http://redirectingat.com/?id=951X49...f=http://www.techspot.com/vb/topic148612.html

 

here is helpasst log

C:\Documents and Settings\Dave\Desktop\HelpAsst_mebroot_fix.exe
Mon 08/09/2010 at 21:13:45.93

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~


HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Mon 08/09/2010 at 21:25:54.64

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A471B4C]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

 

Ok. I'm sort of stuck with where to go with this now .

If you like I can ask Broni to poke his head in, but this thread is quite a bit for him to go through now.

 

no worries um what ever you think is best way to go, the redirects are annoying but do u think they will get worse or infect pc in any other way ?? If broni wants too i have no qualms whatsoever i am open to all help at this time.

If we keep going though i will probably have to put you on my Christmas list

 

Yeah, but think of our post count

 

well i let u think it over and ill check back tomorrow and go from there thanks again for all your time and effort

 

Hi broni thanks for having a look here is mbr log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x8A028000 \WINDOWS\system32\KDCOM.DLL
0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5A8000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AA000 viaide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 viamraid.sys
0xB9EF3000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltmgr.sys
0xB9EC1000 sr.sys
0xBA108000 PxHelp20.sys
0xB9EAA000 KSecDD.sys
0xB9E93000 WudfPf.sys
0xB9E06000 Ntfs.sys
0xB9DD9000 NDIS.sys
0xBA338000 viaagp1.sys
0xB9DBF000 Mup.sys
0xB9432000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB8FFC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8FE8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9422000 \SystemRoot\System32\Drivers\Imapi.SYS
0xB8FCF000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xB9412000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB9402000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8FAC000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA3C0000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB8F88000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8D51000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB8D2D000 \SystemRoot\system32\drivers\portcls.sys
0xB93F2000 \SystemRoot\system32\drivers\drmk.sys
0xB8D1A000 \SystemRoot\System32\DRIVERS\Rtlnicxp.sys
0xBA3D0000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB93E2000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA5A0000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8D06000 \SystemRoot\System32\DRIVERS\parport.sys
0xB93D2000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA3D8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA70E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB93C2000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA5A4000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8CEF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB93B2000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA138000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA3E0000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB8CDE000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA148000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA3F0000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\System32\DRIVERS\raspti.sys
0xBA158000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB8CAE000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA168000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA400000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5CA000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8C50000 \SystemRoot\System32\DRIVERS\update.sys
0xB9D83000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA178000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xBA188000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8BDF000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB8857000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8827000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA600000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA3A0000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xBA606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA608000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3B0000 \SystemRoot\System32\drivers\vga.sys
0xBA60A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA60C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3B8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA58C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA6A0D000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA69B4000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA697C000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xA6942000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA3395000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA6A62000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xA3385000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xA651B000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0x9EABF000 \SystemRoot\System32\DRIVERS\mouhid.sys
0x9CF77000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9CF55000 \SystemRoot\System32\drivers\afd.sys
0x9DA89000 \SystemRoot\System32\DRIVERS\netbios.sys
0x9CF33000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xA652B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9CF08000 \SystemRoot\System32\DRIVERS\rdbss.sys
0x9CE98000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0x9DA69000 \SystemRoot\System32\Drivers\Fips.SYS
0xA6523000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9CE7C000 \SystemRoot\System32\DRIVERS\avipbb.sys
0x9E444000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9CE48000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA2224000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9CE30000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9D2E7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA68DB000 \SystemRoot\System32\drivers\Dxapi.sys
0xB7A1E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9D976000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA3670000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0x9AA3B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6B0C000 \SystemRoot\system32\drivers\sysaudio.sys
0x9A8A6000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA612000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x9A787000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A37B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9A1FA000 \SystemRoot\System32\Drivers\HTTP.sys
0x99ED6000 \SystemRoot\System32\Drivers\Udfs.SYS
0x99EAB000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
480 C:\WINDOWS\system32\smss.exe
528 csrss.exe
560 C:\WINDOWS\system32\winlogon.exe
608 C:\WINDOWS\system32\services.exe
620 C:\WINDOWS\system32\lsass.exe
804 C:\WINDOWS\system32\ati2evxx.exe
832 C:\WINDOWS\system32\svchost.exe
892 svchost.exe
992 C:\WINDOWS\system32\svchost.exe
1052 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\ati2evxx.exe
1132 C:\Program Files\AVG\AVG9\avgchsvx.exe
1160 C:\Program Files\AVG\AVG9\avgrsx.exe
1196 svchost.exe
1300 svchost.exe
1356 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1496 C:\WINDOWS\system32\spoolsv.exe
204 C:\WINDOWS\explorer.exe
276 svchost.exe
524 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1176 C:\Program Files\Java\jre6\bin\jqs.exe
1812 C:\WINDOWS\system32\svchost.exe
1892 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2012 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2052 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
2340 C:\WINDOWS\system32\ZuneBusEnum.exe
2416 C:\WINDOWS\system32\dmadmin.exe
2740 C:\Program Files\AVG\AVG9\avgemc.exe
2792 C:\Program Files\AVG\AVG9\avgnsx.exe
2916 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3464 alg.exe
3388 C:\Program Files\Opera\opera.exe
2440 C:\Documents and Settings\Dave\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c4014000 (NTFS)

PhysicalDrive0 Model Number: ST3160212A, Rev: 3.AAJ

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

here is RootRepeal.txt

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/10 19:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0x9CE30000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0x9D2E7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A18A000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x9d9b9b96

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9d9b9b8c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x9d9b9b9b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x9d9b9ba5

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0x9d9b9baa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x9d9b9b78

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x9d9b9b7d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0x9d9b9bb4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0x9d9b9baf

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x9d9b9ba0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x9cf3d620

==EOF==