Everything posted by asmoeone

  1. Thanks guys. I don't fancy trying to sort out the partitioning/restore, so I'm tracking down some disks. In the meantime I've discovered an apparent issue with performance on the router's LAN ports. I might well be back...
  2. Hello,
     It's a beautiful sunny day here. Unfortunately I've spent most of it unsuccessfully trying to fix my father's Dell Dimension 3000 (Win XP), which has gradually become unusably slow for web browsing. I've tried most of the things I can think of to speed it up (see below), without any success. Finally I've tried and failed to restore the machine to factory state using the Dell PC Restore process. I would really appreciate some advice with either -
     1. fixing the slow internet issue directly, and/or
     2. restoring the machine to factory status
     --------
     Actions/Observations/Clues:
     All browsers are running slow on this PC. Other apps seem fine. Another PC using the same modem/router and internet connection runs fine.
     I tried running Firefox with all add-ons disabled.
     I reinstalled Firefox.
     I checked Windows is up to date.
     I uninstalled extraneous software.
     I installed and ran CCleaner (removed unused files, cleaned registry, disabled unrequired startup processes).
     I ran disk defrag.
     I uninstalled McAfee security software (using their own uninstaller, not without issue) and replaced with MS Security Essentials.
     I noted in Device Manager that there are still several entries for McAfee Core NDIS Intermediate Filter Miniports with status disabled.
     I installed MBAM and ran full scan.
     I updated the network adapter driver.
     I upgraded RAM from 512 to 1Gb, since available physical memory showed only around 15-20%. This sped up PC, but not browser.
     I uninstalled all AOL software (7 programs!)
     Finally, I tried to access Dell PC Restore via Ctrl+F11 on Dell startup screen. I noted no such Dell startup screen is displayed, but managed to access it anyway. Received message that restore could not be done because of a system change.
     I found a useful resource here that seems to explain this as being caused by changes having been made to the hard disk partitions (changes apparently made ages ago by some passing acquaintance of my Dad's, e.g. setting up extended partition with swap and temp drives etc.).
     I looked at partitions in Explorer. I noticed there is a "Ghost" partition (seemingly empty), some Norton Ghost 2003 files (seemingly only installation files), and no entry for Ghost in add/remove programs, so it doesn't appear to me that Ghost2003 is active.
     I looked at partitions in Windows Disk management. The partition in position 4 shows as FAT32, 2.75Gb, 30% free, whilst the same partition shows in PartitionMagic as Local Disk, CP/M, Concurrent DOS, CTOS, 2.8Gb, unused=0. I don't understand what this partition is. I hope it contains the image for the Dell PC Restore, but I don't know how to confirm this and it would be good to know that's what it is before I embark on trying to get the Dell PC Restore working again, if that's even a good idea.
     Thanks for taking the time,
     John
  3. Hello,
     I'm fairly new to networks of any kind, and struggling a bit with my early stages research, so any pointers are welcome.
     Currently my father has a desktop, in the study, with an ethernet connection to a (wireless-enabled) broadband router. He also has a netbook that he'd like to use wirelessly, in other downstairs rooms, but the walls in his house are too thick. My mother wants to get a computer that she'd also use in the study. And the lodger would like to use the internet connection from the attic. The primary requirement is for shared use of the internet connection, but other network benefits (printer, shared files) could be a secondary benefit.
     My thinking so far is going like this -
     To enable the netbook with wireless, downstairs, I was wondering if I could use a powerline network with a wireless adapter (range extender) in each room. It sounds good to me, though Netgear and others seem to be discontinuing them.
     To enable my mother's new computer, I'm considering using a direct ethernet connection to the broadband router.
     To enable the lodger in the attic (which is probably on a different power circuit to downstairs) I'm wondering if I could use some kind of phoneline or (TV coax) network, so I don't have to rewire the house (HomePNA sounds promising).
     All these seem like they might be possible, but I'm not sure I'm on the best track and can't quite figure out what products I'd need to connect it all together, particularly how the phone extension in the attic would connect to the broadband router (preferably without needing to rely on going via the desktop). I'm already thinking my plan sounds expensive with all these different types of network...
     Thanks for any advice.
  4. Done. Many, many thanks for your help. The process has been a pleasure for me and I'm frankly amazed to have received such professional and timely assistance, all volunteered for nothing. I shall be visiting the donation page for the site.
  5. Malwarebytes' Anti-Malware 1.46
     Malwarebytes
     Database version: 4274
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     04/07/2010 14:17:19
     mbam-log-2010-07-04 (14-17-19).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 163170
     Time elapsed: 50 minute(s), 53 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  6. I'm embarrassed to admit that when I opened my browser I realised my wireless connection was still disabled. Could have had something to do with the update problem... Anyway, MBAM reinstalled. Scan run. "no malicious items were detected".
  7. I'd understood that having an open internet connection without a firewall was very risky, even for a short period? Well I guess I trust you because I tried it. The update gave the same error. I checked the MBAM forums, and they seem to point to an uninstall / "mbam-clean.exe" utility / reinstall. Heard of it?
  8. I can, of course, bear with it. And I'm glad you can too. When trying to update MBAM, I get the error message - "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007,0,WinHttpSendRequest)". I suppose this could be malware related. I tried disabling MS Security Essentials, but this made no difference. What do you reckon?
  9. Indeed it does. As far as I can see things are completely back to normal. It looks like our work here is finished?
  10. Doh. Let's try this one...
  11. Oh, and fyi, uTorrent client is now uninstalled. I tried this recently to see what torrenting was all about (yes, I'm that far behind the curve). I'd pretty much decided not to use it further, so you helped me nail that coffin shut.
  12. Things are looking much better... EST scan found nothing, zilch, hence no log. OTL fix report below...
  13. OTL Extras ------------------ OTL Extras logfile created on: 03/07/2010 13:54:51 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Chunky\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 9FDD52CB Current User Name: Chunky Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Email Configuration Tool
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BTHomeHub" = BTHomeHub
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Spotify" = Spotify
"Stellarium_is1" = Stellarium 0.10.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/07/2010 12:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 01/07/2010 15:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 01/07/2010 16:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 02/07/2010 10:31:04 | Computer Name = 9FDD52CB | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

Error - 02/07/2010 10:31:05 | Computer Name = 9FDD52CB | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 02/07/2010 13:15:45 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 02/07/2010 15:04:58 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 02/07/2010 15:56:08 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 02/07/2010 16:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

Error - 03/07/2010 08:56:05 | Computer Name = 9FDD52CB | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 02/07/2010 10:19:58 | Computer Name = 9FDD52CB | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 02/07/2010 10:20:00 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: %%2

Error - 02/07/2010 10:31:02 | Computer Name = 9FDD52CB | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.
 New Signature Version:
 Previous Signature Version: 1.85.1058.0
 Update Source: %%859
 Update Stage: %%852
 Source Path: http://www.microsoft.com
 Signature Type: %%800
 Update Type: %%803
 User: NT AUTHORITY\SYSTEM
 Current Engine Version:
 Previous Engine Version: 1.1.5902.0
 Error code: 0x8024402c
 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 02/07/2010 15:54:42 | Computer Name = 9FDD52CB | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Error - 02/07/2010 15:54:45 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: PCIIde

Error - 03/07/2010 03:59:52 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

Error - 03/07/2010 08:22:51 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

Error - 03/07/2010 08:38:46 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error - 03/07/2010 08:38:46 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error - 03/07/2010 08:38:47 | Computer Name = 9FDD52CB | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

< End of report >
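Two entries in the Extras log above belong together. Under FirewallPolicy\StandardProfile the value EnableFirewall is 0 (the Standard profile is the one in force on a machine that is not joined to a domain), and in the System events a Service Control Manager 7023 records the Windows Firewall/ICS service terminating with error %%2, which is Win32 error 2, ERROR_FILE_NOT_FOUND. The Authorized Applications list also shows enabled inbound exceptions for Firefox, Dropbox (running out of the user's Application Data folder), µTorrent and Spotify. The Python below is an added example, not something the poster ran and not part of OTL. It parses the registry-style sections of an OTL Extras log and flags those conditions. SAMPLE_EXTRAS is the relevant section copied from the log above with its line breaks restored; the severity labels and the rule that a user-profile binary with an exception is worth a second look are my own choices.

```python
import re
from typing import Dict, List, Tuple

# Input sample: the Security Center and firewall-policy sections of the OTL
# Extras log posted above, with the line breaks the forum flattened restored.
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# OTL renders a firewall exception as  <path>:<scope>:<Enabled|Disabled>:<name> -- (<publisher>)
APP_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*?)"
    r"(?:\s+--\s+\((?P<publisher>.*)\))?$"
)
FW_POLICY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] key in an OTL dump to its "name" = data pairs.
    Keys listed with no values (empty exception lists) are kept with an empty dict."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current = m.group(1)
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit_firewall(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the XP firewall policy and Security Center flags."""
    findings: List[Tuple[str, str]] = []
    sc = keys.get(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", {})
    for flag in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(flag) == "1":
            findings.append(("high", f"Security Center: {flag} = 1 suppresses alerts for that component"))
    for profile in ("DomainProfile", "StandardProfile"):
        vals = keys.get(f"{FW_POLICY}\\{profile}", {})
        enabled = vals.get("EnableFirewall")
        if enabled is None:
            findings.append(("info", f"{profile}: EnableFirewall not present in dump"))
        elif enabled != "1":
            findings.append(("high", f"{profile}: Windows Firewall disabled (EnableFirewall = {enabled})"))
        for path, data in keys.get(f"{FW_POLICY}\\{profile}\\AuthorizedApplications\\List", {}).items():
            m = APP_RE.match(data)
            if not m:
                findings.append(("warn", f"{profile}: unparsable exception entry for {path}"))
                continue
            if m["state"] != "Enabled":
                continue
            publisher = m["publisher"] or "unknown publisher"
            # My rule: no publisher string, or a binary living in the user profile, deserves a look.
            sev = "warn" if not m["publisher"] or "Application Data" in path else "info"
            findings.append((sev, f"{profile}: inbound exception {m['name']} ({publisher}) scope={m['scope']} -> {path}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_firewall(parse_otl_registry(SAMPLE_EXTRAS)):
        print(f"[{sev}] {msg}")
```

To run it on a real log, read Extras.txt into a string in place of SAMPLE_EXTRAS; the parser only looks at `[HKEY_...]` headers and `"name" = data` lines, so the surrounding sections are ignored. Note that EnableFirewall = 0 is the policy as stored; whether the firewall is actually running is a separate question answered by the service state, which is why the 7023 event matters alongside it.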
  14. OTL.txt
------------
OTL logfile created on: 03/07/2010 13:54:51 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Chunky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 658.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.92 Gb Free Space | 56.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 9FDD52CB
Current User Name: Chunky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chunky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chunky\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://mail.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 12:07:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 21:19:46 | 000,000,000 | ---D | M]

[2008/08/16 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Extensions
[2010/06/28 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions
[2010/06/06 23:26:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/01 09:59:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/28 22:10:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Chunky\Application Data\Mozilla\Firefox\Profiles\i6qwppnv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/28 14:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 11:48:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/12/10 10:32:56 | 000,091,520 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/07 18:09:44 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/20 11:27:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/20 11:27:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/20 11:27:52 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/20 11:27:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/03 13:27:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chunky\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Chunky\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218572172906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 23:45:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/11 23:44:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/03 13:39:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/03 13:37:27 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\OTL.exe
[2010/07/03 13:37:21 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\TFC.exe
[2010/07/03 08:57:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/03 08:45:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/03 08:45:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/03 08:45:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/03 08:45:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/03 08:45:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/03 08:43:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 20:43:27 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Chunky\Desktop\TDSSKiller.exe
[2010/07/01 12:24:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/01 12:24:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/01 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/01 11:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/01 08:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/01 08:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/25 08:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/25 08:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\PCHealth
[2010/06/25 08:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/06/20 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\Spotify
[2010/06/20 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Application Data\Spotify
[2010/06/20 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/06/17 11:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\Local Settings\Application Data\Bit Computing
[2010/06/09 10:14:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/07 18:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chunky\My Documents\Downloads
[2010/06/07 18:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software

========== Files - Modified Within 30 Days ==========

[2010/07/03 13:56:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/03 13:46:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/03 13:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 13:40:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/03 13:40:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 13:40:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/03 13:40:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/03 13:39:34 | 003,993,600 | ---- | M] () -- C:\Documents and Settings\Chunky\ntuser.dat
[2010/07/03 13:39:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chunky\ntuser.ini
[2010/07/03 13:35:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\OTL.exe
[2010/07/03 13:32:58 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chunky\Desktop\TFC.exe
[2010/07/03 13:27:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/03 13:27:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/03 08:58:40 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/03 08:58:40 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/03 08:58:38 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/03 08:58:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/02 20:43:30 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Chunky\Desktop\TDSSKiller.exe
[2010/07/02 20:40:06 | 003,725,496 | R--- | M] () -- C:\Documents and Settings\Chunky\Desktop\Combo-Fix.exe
[2010/07/02 20:39:30 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Chunky\Desktop\tdsskiller.zip
[2010/07/01 11:38:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/30 18:12:04 | 000,033,148 | ---- | M] () -- C:\Documents and Settings\Chunky\Desktop\Inventory.docx
[2010/06/20 17:10:29 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Chunky\Desktop\Spotify.lnk
[2010/06/09 12:38:33 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 11:25:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/07/03 08:58:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/03 08:57:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/03 08:45:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/03 08:45:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/03 08:45:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/03 08:45:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/03 08:45:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/02 20:49:13 | 003,725,496 | R--- | C] () --  C:\Documents and Settings\Chunky\Desktop\Combo-Fix.exe
[2010/07/02 20:42:26 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Chunky\Desktop\tdsskiller.zip
[2010/06/29 11:22:18 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/27 16:12:49 | 000,033,148 | ---- | C] () -- C:\Documents and Settings\Chunky\Desktop\Inventory.docx
[2010/06/24 22:35:03 | 003,993,600 | ---- | C] () -- C:\Documents and Settings\Chunky\ntuser.dat
[2010/06/20 17:10:29 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Chunky\Desktop\Spotify.lnk
[2010/06/13 14:31:07 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/20 10:57:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/02/01 21:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/08/12 19:56:57 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/12 19:56:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

========== LOP Check ==========

[2010/04/12 12:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/24 00:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/20 15:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\.GrapplingHookDemo
[2009/11/27 01:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\AVG9
[2010/07/03 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Dropbox
[2008/08/24 12:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\SecondLife
[2010/06/24 23:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Spotify
[2009/12/04 03:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\Stellarium
[2010/06/10 16:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chunky\Application Data\uTorrent
[2010/07/03 13:46:29 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/12 21:42:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/12 21:42:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/12 21:42:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/12 21:42:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 16:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 23:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 23:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
  15. New ComboFix.txt
  16. Here it is...ComboFix.txt
Completion time: 2010-07-03 09:05:36 ComboFix-quarantined-files.txt 2010-07-03 08:05 Pre-Run: 21,592,268,800 bytes free Post-Run: 22,382,325,760 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - F19AD829040B753FB9785B43A8C2DA67
  17. Well, I think I'd like to follow both options :) Since this is a second-hand laptop, missing its installation CDs, I think I'll need to contact MS to get hold of replacement media for the reinstall. In the meantime, I'd like to follow the cleanup process you suggest, as much out of interest as anything (and subject to your caveat of course). Thanks to the Linux machine I can assign non-risk activity to the laptop until it gets wiped. The issue of identity and financial information has been addressed.
    Question - You suggest disabling antivirus/antispyware tools before using ComboFix. I have not figured out how to disable MS Security Essentials. Is it sufficient to turn off the real-time protection?
    Here is the TDSSKiller.txt
    ----------------------------------------
    20:52:14:567 1772 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    20:52:14:567 1772 ================================================================================
    20:52:14:567 1772 SystemInfo:
    20:52:14:567 1772 OS Version: 5.1.2600 ServicePack: 3.0
    20:52:14:567 1772 Product type: Workstation
    20:52:14:567 1772 ComputerName: 9FDD52CB
    20:52:14:567 1772 UserName: Chunky
    20:52:14:567 1772 Windows directory: C:\WINDOWS
    20:52:14:567 1772 System windows directory: C:\WINDOWS
    20:52:14:567 1772 Processor architecture: Intel x86
    20:52:14:567 1772 Number of processors: 1
    20:52:14:567 1772 Page size: 0x1000
    20:52:14:567 1772 Boot type: Normal boot
    20:52:14:567 1772 ================================================================================
    20:52:14:927 1772 Initialize success
    20:52:14:927 1772
    20:52:14:927 1772 Scanning Services ...
    20:52:15:428 1772 Raw services enum returned 320 services
    20:52:15:438 1772
    20:52:15:438 1772 Scanning Drivers ...
    [...]
    20:52:25:583 1772 Tcpip (80c9acb727f808129c31537c4f4e687a) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:52:25:583 1772 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 80c9acb727f808129c31537c4f4e687a, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
    20:52:25:583 1772 File "C:\WINDOWS\system32\DRIVERS\tcpip.sys" infected by TDSS rootkit ...
    20:52:25:723 1772 Backup copy found, using it..
    20:52:25:793 1772 will be cured on next reboot
    [...]
    20:52:27:165 1772 Reboot required for cure complete..
    20:52:27:736 1772 Cure on reboot scheduled successfully
    20:52:27:736 1772
    20:52:27:736 1772 Completed
    20:52:27:736 1772
    20:52:27:736 1772 Results:
    20:52:27:736 1772 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    20:52:27:736 1772 File objects infected / cured / cured on reboot: 1 / 0 / 1
    20:52:27:736 1772
    20:52:27:736 1772 KLMD(ARK) unloaded successfully
  18. Thanks, I will read through the info you've supplied. One quick question: I am currently accessing the web through an old recycled Linux desktop (kept for this very purpose). The 2 computers are not intentionally networked together, but do both connect to the internet through the same router, a BT Homehub. Do you think there is any risk that data sent from this Linux machine could be compromised?
  19. Hello Starbuck. Here's the MalwareBytes log:
    --------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes
    Database version: 4263
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    01/07/2010 13:32:51
    mbam-log-2010-07-01 (13-32-51).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 171319
    Time elapsed: 1 hour(s), 1 minute(s), 8 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0fe0428e-3d59-ca67-dc5a-7cbd68e94e0c} (Trojan.Zbot) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Documents and Settings\Chunky\Application Data\Onotzy\xioll.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\8.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\tmp1c9235e5.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\tmp3d1a5b73.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\24.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\tmp249f90da\rappino.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\tmpe23ff1f2\rappino.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chunky\Local Settings\Temp\tmp919b92f8\rappino.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\26.tmp (Rootkit.TDSS.Gen) -> Delete on reboot.
    C:\WINDOWS\Temp\A.tmp (Rootkit.TDSS.Gen) -> Delete on reboot.
  20. Hello,
    My system: Dell laptop running XP Professional SP3 with Windows Firewall and MS Security Essentials.
    Immediate issue: Windows Firewall no longer starts automatically. When I try to start it manually I get the message "could not start firewall / internet connection service (ICS). Error 2: The system cannot find the file specified."
    Context: Last week MSSE started finding malware. I cleaned it. It kept finding new malware. Today I got a browser hijack. A scan with MalwareBytes found 13 items (trojans, rootkits, backdoors, infected registry keys and values) - ouch! MalwareBytes requested a reboot in order to quarantine all items. Shutdown caused a hang and required power off. On reboot, I experienced the issue with the firewall.
    I appreciate any help.
    John