I was infected with Anti-Malware Doctor about two weeks ago. Pop-ups and ads for anti-malware software were coming up all over my screen. A quick Google search on the problem led me to a link that had a list of instructions that helped me fix the immediate problem. I downloaded Malwarebytes' Anti-Malware, ran the scan, then removed the infected files. This helped in getting rid of all of the pop-ups. But since then, my computer has been running slower. Every now and then, the desktop will randomly change its look (I'm running Windows XP) but I can still run everything, Internet, Word, etc. And I also get an error message that says something like: Generic Host Process 32, or something like that. I think my computer is still infected.

Also, I tried to put the DDS log in but whenever I pasted it, I keep getting an error message saying, "The Connection was Reset."

Hi,


Please Download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF78DD000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1175552 bytes (Agere Systems, SoftModem Device Driver)
0xF8420000 kxgvqxlj.sys 794624 bytes
0xF7A20000 C:\WINDOWS\system32\drivers\smwdm.sys 598016 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8325000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBA2FA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7310000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBA405000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB3B97000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB3796000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF84F3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)
0xB3CDE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF82F8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3E03000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xBA36A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA3B7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA3DF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7AE9000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xF79FC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7B0D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7AB2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA395000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF83C9000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8401000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xED1CB000 C:\WINDOWS\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM))
0xF82DE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF83E9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7B45000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF83B2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF78C6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3E51000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xED1E7000 C:\WINDOWS\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM))
0xF7AD5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7B31000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xBA45E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF84E2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF788D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5742000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8722000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF85E2000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8552000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xEBD57000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8742000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8732000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEBDB7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF68CE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8562000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF85A2000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8702000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8752000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8582000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8772000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9EA3000 C:\WINDOWS\System32\DRIVERS\srenum.sys 49152 bytes
0xEBD47000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8712000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8572000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8762000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8542000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF75C2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF87A2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8592000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86F2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8782000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8792000 C:\WINDOWS\system32\DRIVERS\ndisrd.sys 36864 bytes (NT Kernel Resources, NDISRD helper driver)
0xEBD67000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3A47000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF85B2000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xEBD77000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8922000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF641A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88FA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8912000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF87C2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF891A000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8902000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF890A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88F2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF642A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF643A000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF6422000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87CA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8932000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF893A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF892A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB553D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A0A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF8A22000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8952000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB55C0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF89EE000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xECE75000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8ACE000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF8A88000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A86000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A46000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A42000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A8A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8AAE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A8C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AD0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A50000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A44000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C82000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B16000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEB8A4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B0A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x82283930 unknown_irp_handler 1744 bytes
!!!!!!!!!!!Hidden driver: 0x822E8AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x82388DE0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF83E9000 WARNING: suspicious driver modification [atapi.sys::0x822E8AEA]
0xF8542000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\kxgvqxlj.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BZ7X2YRZ\ad.afy11[1].net%2fad%3fc%3dUMYdasPHrkOXdJMeaaIhfOCk81r24eOMFKfu3fA1deE2lbTkwmYvx6N%2btqVCNanf3TttSRXB9Ey63Ztz9C4vCUNJLKAxgtT2toLzcyJKnz0%3d!;ord=26787418189
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BZ7X2YRZ\ad.afy11[1].net%2fad%3fc%3durcavE9qYESrvCwUYzO1o6U2pmx1iOLTVkl1s9odI3TuV9Rn5jkocBbUQDpg3LtzLHCs8Wq95WmdXl%2bTtI8qZ1YMYkk90JVrzX6iqJ4Aa2A%3d!;ord=18179504989
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JEDD4RIF\dref=http%253A%252F%252Forigin.candystand.com%252Fbanners%252Frotate[1].do%253Furi%253D%25252Fplay-random-game%25252Fmovie-star%2526region%253Dsquare_zone11
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\389J2XYA\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua29%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=279570909[1]2
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\itime%3D533361155%3Bkvmn%3D93305241%3Bkvtid%3D15h17pv0o4ksfl%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua30%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=533361155[1]ndd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua30%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=788820991[1]dd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[1].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[2].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[3].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[4].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[5].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[6].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[7].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[8].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[9].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\XAXEU591\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua29%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=874390633[1]d
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[1380]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1380]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1380]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1380]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[308]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[308]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[308]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[308]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[308]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[308]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[308]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[308]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7C9C1134-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9C1EE4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7E411130-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[580]igfxtray.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[580]igfxtray.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[580]igfxtray.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[604]hkcmd.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[604]hkcmd.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[604]hkcmd.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[628]jusched.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[628]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[628]jusched.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[628]jusched.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[628]jusched.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[636]realsched.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[636]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[636]realsched.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[636]realsched.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[636]realsched.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[680]ctfmon.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[680]ctfmon.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[680]ctfmon.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[700]msmsgs.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[700]msmsgs.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[700]msmsgs.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]

Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click
Start Scan
. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

Try to post contents of DDS logs (dds.txt & attach.txt) now.

There is one item found by TDSSKiller that does not have a "cure" option, but rather a "delete" option. Should I go ahead and delete that one? The other item does have a cure option.

Don't make any changes on that item that doesn't have cure option available.

2010/08/12 04:41:57.0484 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/12 04:41:57.0484 ================================================================================
2010/08/12 04:41:57.0484 SystemInfo:
2010/08/12 04:41:57.0484
2010/08/12 04:41:57.0484 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/12 04:41:57.0484 Product type: Workstation
2010/08/12 04:41:57.0484 ComputerName: KINESIO
2010/08/12 04:41:57.0484 UserName: Waqar
2010/08/12 04:41:57.0484 Windows directory: C:\WINDOWS
2010/08/12 04:41:57.0484 System windows directory: C:\WINDOWS
2010/08/12 04:41:57.0484 Processor architecture: Intel x86
2010/08/12 04:41:57.0484 Number of processors: 2
2010/08/12 04:41:57.0484 Page size: 0x1000
2010/08/12 04:41:57.0484 Boot type: Normal boot
2010/08/12 04:41:57.0484 ================================================================================
2010/08/12 04:41:57.0562 Initialize success
2010/08/12 04:42:00.0265 ================================================================================
2010/08/12 04:42:00.0265 Scan started
2010/08/12 04:42:00.0265 Mode: Manual;
2010/08/12 04:42:00.0265 ================================================================================
2010/08/12 04:42:01.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 04:42:01.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/12 04:42:01.0468 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/12 04:42:01.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 04:42:01.0593 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 04:42:01.0687 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/12 04:42:01.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/12 04:42:02.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 04:42:02.0046 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 04:42:02.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 04:42:02.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 04:42:02.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 04:42:02.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 04:42:02.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 04:42:02.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 04:42:02.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 04:42:02.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 04:42:02.0718 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 04:42:02.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 04:42:02.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 04:42:02.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 04:42:02.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 04:42:02.0968 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/12 04:42:03.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 04:42:03.0078 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/12 04:42:03.0109 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 04:42:03.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/12 04:42:03.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 04:42:03.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 04:42:03.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 04:42:03.0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/12 04:42:03.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 04:42:03.0468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 04:42:03.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 04:42:03.0609 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/12 04:42:03.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 04:42:03.0703 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/12 04:42:03.0734 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 04:42:03.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 04:42:03.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 04:42:03.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 04:42:03.0921 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 04:42:03.0953 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 04:42:04.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 04:42:04.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\drivers\tsk9.tmp
2010/08/12 04:42:04.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk9.tmp. md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/12 04:42:04.0093 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 04:42:04.0140 klmdb (710f89af32b1acd8b008148e28584531) C:\WINDOWS\system32\drivers\klmdb.sys
2010/08/12 04:42:04.0203 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 04:42:04.0250 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 04:42:04.0265 Suspicious service (NoAccess): kxgvqxlj
2010/08/12 04:42:04.0328 kxgvqxlj (135c73fb45d9a6ad3c865fb942e340d6) C:\WINDOWS\system32\drivers\kxgvqxlj.sys
2010/08/12 04:42:04.0328 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\kxgvqxlj.sys. md5: 135c73fb45d9a6ad3c865fb942e340d6
2010/08/12 04:42:04.0343 kxgvqxlj - detected Locked service (1)
2010/08/12 04:42:04.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 04:42:04.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 04:42:04.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 04:42:04.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 04:42:04.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 04:42:04.0687 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 04:42:04.0734 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 04:42:04.0781 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 04:42:04.0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 04:42:04.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 04:42:04.0875 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 04:42:04.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 04:42:05.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 04:42:05.0093 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
2010/08/12 04:42:05.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 04:42:05.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 04:42:05.0203 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 04:42:05.0250 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 04:42:05.0281 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 04:42:05.0328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 04:42:05.0375 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/12 04:42:05.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 04:42:05.0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 04:42:05.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 04:42:05.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 04:42:05.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 04:42:05.0625 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/12 04:42:05.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/12 04:42:05.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 04:42:05.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 04:42:05.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 04:42:05.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 04:42:05.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/12 04:42:06.0093 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 04:42:06.0109 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 04:42:06.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 04:42:06.0218 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 04:42:06.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 04:42:06.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 04:42:06.0421 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 04:42:06.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 04:42:06.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 04:42:06.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 04:42:06.0562 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 04:42:06.0625 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 04:42:06.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 04:42:06.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 04:42:06.0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/12 04:42:06.0906 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/12 04:42:07.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 04:42:07.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\drivers\sr.sys
2010/08/12 04:42:07.0140 srenum (bd679b08ddc9f5e28b0df812a4524a77) C:\WINDOWS\system32\DRIVERS\srenum.sys
2010/08/12 04:42:07.0218 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 04:42:07.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 04:42:07.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 04:42:07.0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 04:42:07.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 04:42:07.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 04:42:07.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 04:42:07.0609 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 04:42:07.0687 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 04:42:07.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 04:42:07.0828 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/12 04:42:07.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 04:42:07.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 04:42:07.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 04:42:08.0000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 04:42:08.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 04:42:08.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 04:42:08.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 04:42:08.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 04:42:08.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 04:42:08.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 04:42:08.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 04:42:08.0531 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/08/12 04:42:08.0578 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/08/12 04:42:08.0609 ================================================================================
2010/08/12 04:42:08.0609 Scan finished
2010/08/12 04:42:08.0609 ================================================================================
2010/08/12 04:42:08.0625 Detected object count: 1
2010/08/12 04:42:23.0531 Locked service(kxgvqxlj) - User select action: Skip
2010/08/12 04:42:34.0468 ================================================================================
2010/08/12 04:42:34.0468 Scan started
2010/08/12 04:42:34.0468 Mode: Manual;
2010/08/12 04:42:34.0468 ================================================================================
2010/08/12 04:42:34.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 04:42:35.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/12 04:42:35.0093 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/12 04:42:35.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 04:42:35.0218 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 04:42:35.0312 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/12 04:42:35.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/12 04:42:35.0562 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 04:42:35.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 04:42:35.0671 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 04:42:35.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 04:42:35.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 04:42:35.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 04:42:35.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 04:42:35.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 04:42:35.0953 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 04:42:36.0140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 04:42:36.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 04:42:36.0250 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 04:42:36.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 04:42:36.0328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 04:42:36.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 04:42:36.0453 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/12 04:42:36.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 04:42:36.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/12 04:42:36.0562 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 04:42:36.0578 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/12 04:42:36.0625 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 04:42:36.0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 04:42:36.0687 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 04:42:36.0734 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/12 04:42:36.0765 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 04:42:36.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 04:42:36.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 04:42:37.0000 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/12 04:42:37.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 04:42:37.0078 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/12 04:42:37.0140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 04:42:37.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 04:42:37.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 04:42:37.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 04:42:37.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 04:42:37.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 04:42:37.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 04:42:37.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\drivers\tsk9.tmp
2010/08/12 04:42:37.0406 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk9.tmp. md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/12 04:42:37.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 04:42:37.0484 klmdb (710f89af32b1acd8b008148e28584531) C:\WINDOWS\system32\drivers\klmdb.sys
2010/08/12 04:42:37.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 04:42:37.0593 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 04:42:37.0609 Suspicious service (NoAccess): kxgvqxlj
2010/08/12 04:42:37.0671 kxgvqxlj (135c73fb45d9a6ad3c865fb942e340d6) C:\WINDOWS\system32\drivers\kxgvqxlj.sys
2010/08/12 04:42:37.0671 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\kxgvqxlj.sys. md5: 135c73fb45d9a6ad3c865fb942e340d6
2010/08/12 04:42:37.0687 kxgvqxlj - detected Locked service (1)
2010/08/12 04:42:37.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 04:42:37.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 04:42:37.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 04:42:37.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 04:42:37.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 04:42:38.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 04:42:38.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 04:42:38.0187 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 04:42:38.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 04:42:38.0234 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 04:42:38.0281 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 04:42:38.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 04:42:38.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 04:42:38.0390 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
2010/08/12 04:42:38.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 04:42:38.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 04:42:38.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 04:42:38.0500 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 04:42:38.0515 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 04:42:38.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 04:42:38.0593 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/12 04:42:38.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 04:42:38.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 04:42:38.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 04:42:38.0765 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 04:42:38.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 04:42:38.0843 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/12 04:42:38.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/12 04:42:38.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 04:42:38.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 04:42:38.0937 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 04:42:39.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 04:42:39.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/12 04:42:39.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 04:42:39.0343 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 04:42:39.0390 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 04:42:39.0421 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 04:42:39.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 04:42:39.0609 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 04:42:39.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 04:42:39.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 04:42:39.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 04:42:39.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 04:42:39.0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 04:42:39.0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 04:42:39.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 04:42:39.0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 04:42:40.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/12 04:42:40.0109 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/12 04:42:40.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 04:42:40.0265 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\drivers\sr.sys
2010/08/12 04:42:40.0312 srenum (bd679b08ddc9f5e28b0df812a4524a77) C:\WINDOWS\system32\DRIVERS\srenum.sys
2010/08/12 04:42:40.0390 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 04:42:40.0437 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 04:42:40.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 04:42:40.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 04:42:40.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 04:42:40.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 04:42:40.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 04:42:40.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 04:42:40.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 04:42:40.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 04:42:41.0031 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/12 04:42:41.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 04:42:41.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 04:42:41.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 04:42:41.0203 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 04:42:41.0234 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 04:42:41.0265 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 04:42:41.0312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 04:42:41.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 04:42:41.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 04:42:41.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 04:42:41.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 04:42:41.0671 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/08/12 04:42:41.0703 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/08/12 04:42:41.0734 ================================================================================
2010/08/12 04:42:41.0734 Scan finished
2010/08/12 04:42:41.0734 ================================================================================
2010/08/12 04:42:41.0750 Detected object count: 1
2010/08/12 04:42:43.0781 Locked service(kxgvqxlj) - User select action: Skip

As you can see, I have posted the TDSSKiller log but I am still having the same problems with the DDS and Attach logs. I can't copy and paste them; I get the "Connection was Reset" page. And the same thing happens if I try to upload them as attachments.

The other item does have a cure option.
I don't see any other detected items there. What item were you talking about? Please run TDSSKiller again and let it quarantine (or delete if quarantine is not available) the item skipped on previous run.

For some reason, I don't know why, I ran TDSSKiller again and no threats were found.

Hi,

Remove DDS related lines from both dds.txt and attach.txt log header part and try to copy-paste rest of the contents here. If that doesn't work let me know if you have other system you can use to post the logs.

Run by Waqar at 4:44:59.17 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.181 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Waqar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {4fd1746b-6b0c-4761-8138-7677f99d0315} - c:\windows\system32\qiwgp.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [{3E22F618-7EBF-DAD1-F566-648CEB8CC750}] "c:\documents and settings\waqar\application data\luuds\kuet.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sta] rundll32 "uiwgp.dll",,Run
dRun: [Udusis] rundll32.exe "c:\windows\kbdbgsi.dll",Startup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247800031515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\waqar\applic~1\mozilla\firefox\profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\waqar\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2010-8-8 46976]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480]
S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [2010-8-11 6656]
UnknownUnknown klmd24;klmd24; [x]

=============== Created Last 30 ================

2010-08-12 08:29:30 70608 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-08-12 08:29:30 37248 ----a-w- c:\windows\system32\drivers\tsk9.tmp
2010-08-11 21:47:09 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-08-09 04:11:33 0 d-----w- c:\docume~1\waqar\applic~1\Street-Ads
2010-08-09 04:11:33 0 d-----w- c:\docume~1\waqar\applic~1\Sky-Banners
2010-08-08 22:18:37 46976 ----a-w- c:\windows\system32\drivers\srenum.sys
2010-08-08 22:18:37 4128 ----a-w- c:\windows\system32\msrun.exe
2010-08-08 22:18:25 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-07-26 21:27:20 0 d-----w- c:\docume~1\waqar\applic~1\Malwarebytes
2010-07-26 21:26:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:26:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 21:09:48 2767 ----a-w- c:\windows\ilavesaz.dll
2010-07-26 21:09:37 768000 ----a-w- c:\windows\system32\drivers\kxgvqxlj.sys
2010-07-26 21:06:38 5 ----a-w- C:\zrpt.xml
2010-07-26 21:06:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-26 21:06:27 0 d-----w- c:\docume~1\waqar\applic~1\5E184C8E1602A42187F2A0BF820911F1
2010-07-16 04:18:18 246784 ----a-w- c:\windows\system32\qiwgp.dll
2010-07-14 05:00:07 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 4:46:36.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 10:37:12 PM
System Uptime: 8/12/2010 4:23:55 AM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 132.996 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Agere Systems AC'97 Modem
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
Free RAR Extract Frog 1.00
H.264 Decoder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.11)
MSN
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Street-Ads Browser Enhancer
thriXXX 3DSexVilla2-084.001
thriXXX WebLaunch
Times Reader
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/9/2010 6:01:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
8/9/2010 5:57:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:56:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2010 5:56:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/5/2010 10:31:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/5/2010 10:31:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

Good. Let's continue :)

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

I can ComboFix and a log was even produced but when the computer re-booted afterwards, I found that I could no longer access the Internet. Every time I open a browser, Mozilla says, "Server not found." And my desktop picture was changed when the computer re-booted. Internet Explorer doesn't even work. When I opened the log that ComboFix produced, I found some Mozilla files deleted. I don't have the log on me right now since I am typing this reply from a different computer. What should I do?

Hi,

Could you transfer logs via removable drive and post them from system that has network access working, please?

ComboFix 10-08-15.01 - Waqar 08/16/2010 0:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.358 [GMT -4:00]
Running from: c:\documents and settings\Waqar\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\LocalService\Application Data\Sky-Banners
c:\documents and settings\LocalService\Application Data\Street-Ads
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\enemies-names.txt
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\local.ini
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\lsrslt.ini
c:\documents and settings\Waqar\Application Data\Luuds
c:\documents and settings\Waqar\Application Data\Luuds\kuet.exe
c:\documents and settings\Waqar\Application Data\Sky-Banners
c:\documents and settings\Waqar\Application Data\Street-Ads
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\ilavesaz.dll
c:\windows\kbdbgsi.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\msrun.exe
c:\windows\system32\qiwgp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_ATAPIDRV
-------\Service_ndisrd
-------\Legacy_srenum
-------\Service_srenum


((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-13 22:51 . 2010-08-13 22:51 -------- d-----w- c:\documents and settings\Waqar\Application Data\BitComet
2010-08-11 21:47 . 2010-08-11 21:47 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-08-08 22:18 . 2010-08-09 21:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
2010-08-07 23:23 . 2010-08-15 20:15 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 04:59 . 2010-08-01 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 00:15 . 2010-07-28 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 23:28 . 2010-07-26 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-26 21:27 . 2010-07-26 21:27 -------- d-----w- c:\documents and settings\Waqar\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:08 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
2010-07-26 21:08 . 2010-07-26 21:08 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\{116E1CDE-1499-4068-BEE3-3C0DB2E07A0D}
2010-07-26 21:06 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
2010-07-26 21:06 . 2010-08-16 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 04:51 . 2009-07-17 22:14 -------- d-----w- c:\program files\BitComet
2010-08-12 09:22 . 2006-02-28 12:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-08-12 02:25 . 2009-10-27 00:12 -------- d-----w- c:\documents and settings\Waqar\Application Data\Oply
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\program files\iTunes
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 01:57 . 2010-07-01 01:57 -------- d-----w- c:\program files\iPod
2010-07-01 01:57 . 2009-07-17 03:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-01 01:54 . 2010-01-03 02:52 -------- d-----w- c:\program files\QuickTime
2010-07-01 01:51 . 2010-07-01 01:51 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:45 . 2010-07-01 01:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-07-17 02:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-22 19:35 . 2010-05-22 19:35 503808 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcp71.dll
2010-05-22 19:35 . 2010-05-22 19:35 499712 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\jmc.dll
2010-05-22 19:35 . 2010-05-22 19:35 348160 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcr71.dll
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26439:TCP"= 26439:TCP:BitComet 26439 TCP
"26439:UDP"= 26439:UDP:BitComet 26439 UDP

S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [8/11/2010 5:47 PM 6656]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
FF - ProfilePath - c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Waqar\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-{3E22F618-7EBF-DAD1-F566-648CEB8CC750} - c:\documents and settings\Waqar\Application Data\Luuds\kuet.exe
HKLM-Run-sta - uiwgp.dll
HKU-Default-Run-Udusis - c:\windows\kbdbgsi.dll
SafeBoot-klmdb.sys
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-16 01:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 05:08

Pre-Run: 140,500,664,320 bytes free
Post-Run: 143,118,917,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D67879B736817A88F5C651F622D7682C

Just posted the ComboFix log. I can't find DDS on my computer and so can't run it.

I have an update. While I was using my flash drive to paste the ComboFix log on another computer, I research the problem I had with Internet connectivity and found a download called "WinsockXP." I downloaded the program to my flash drive, ran it on my computer and the Internet now works.

I spoke too soon. About an hour after I ran the WinsockXP program, Antimalware Doctor (the original problem) showed up again and it seems my computer is still infected. Also, the Internet connection has been cut off again and Winsock won't work again. I run it and it won't reboot my Internet connection.

Hi,

Don't try to fix internet connection while we're working on this since you can post logs from other system. By connecting half clean system to internet you likely reinfect it and we are back to square one.

Run ComboFix & dds again and transfer their logs to system that has internet access. Post back the log contents.

ComboFix 10-08-15.01 - Waqar 08/17/2010 1:27.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.222 [GMT -4:00]
Running from: c:\documents and settings\Waqar\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 00:20 . 2010-08-17 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-16 23:13 . 2010-08-16 23:13 120 ----a-w- c:\windows\Ocawinuyozew.dat
2010-08-16 23:13 . 2010-08-16 23:13 0 ----a-w- c:\windows\Cmehukuhoxaj.bin
2010-08-16 22:55 . 2010-08-16 22:55 1440768 ----a-w- c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-08-16 22:20 . 2010-08-16 22:20 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\{116E1CDE-1499-4068-BEE3-3C0DB2E07A0D}
2010-08-16 22:07 . 2010-08-16 22:20 -------- d-----w- C:\RECYCLER(2)
2010-08-13 22:51 . 2010-08-13 22:51 -------- d-----w- c:\documents and settings\Waqar\Application Data\BitComet
2010-08-11 21:47 . 2010-08-11 21:47 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-08-08 22:18 . 2010-08-09 21:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
2010-08-07 23:23 . 2010-08-15 20:15 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 04:59 . 2010-08-01 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 00:15 . 2010-07-28 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 23:28 . 2010-07-26 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-26 21:27 . 2010-07-26 21:27 -------- d-----w- c:\documents and settings\Waqar\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:08 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
2010-07-26 21:06 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
2010-07-26 21:06 . 2010-08-17 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 01:13 . 2009-07-17 22:14 -------- d-----w- c:\program files\BitComet
2010-08-12 09:22 . 2006-02-28 12:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-08-12 02:25 . 2009-10-27 00:12 -------- d-----w- c:\documents and settings\Waqar\Application Data\Oply
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\program files\iTunes
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 01:57 . 2010-07-01 01:57 -------- d-----w- c:\program files\iPod
2010-07-01 01:57 . 2009-07-17 03:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-01 01:54 . 2010-01-03 02:52 -------- d-----w- c:\program files\QuickTime
2010-07-01 01:51 . 2010-07-01 01:51 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:45 . 2010-07-01 01:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-07-17 02:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-22 19:35 . 2010-05-22 19:35 503808 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcp71.dll
2010-05-22 19:35 . 2010-05-22 19:35 499712 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\jmc.dll
2010-05-22 19:35 . 2010-05-22 19:35 348160 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcr71.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 . 0969330117EF0858059D1284566D13B5 . 361600 . . [------] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-16_05.06.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-17 05:16 . 2010-08-17 05:16 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2010-08-16 22:20 . 2010-08-17 00:20 13256 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2008-04-14 00:12 34699 c:\windows\system32\hlp.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-02-28 12:00 . 2008-04-14 00:12 74240 c:\windows\kbdbgsi.dll
+ 2006-02-28 12:00 . 2008-04-14 00:12 206848 c:\windows\uqedehipenoxok.dll
+ 2010-08-16 05:26 . 2010-08-16 05:26 811008 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
itowym.exe [2010-8-9 133120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [8/11/2010 5:47 PM 6656]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmdb
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Waqar\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 01:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-17 01:33:11
ComboFix-quarantined-files.txt 2010-08-17 05:33
ComboFix2.txt 2010-08-17 03:19
ComboFix3.txt 2010-08-16 05:34
ComboFix4.txt 2010-08-16 05:08

Pre-Run: 141,937,188,864 bytes free
Post-Run: 141,930,901,504 bytes free

- - End Of File - - CC903C581666E7CA5254FC907C61158A

Run by Waqar at 8:17:59.76 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.258 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247800031515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\waqar\applic~1\mozilla\firefox\profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\waqar\application data\mozilla\firefox\profiles\orf8mrek.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\waqar\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [2010-8-11 6656]

=============== Created Last 30 ================

2010-08-17 00:20:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-16 23:13:52 120 ----a-w- c:\windows\Ocawinuyozew.dat
2010-08-16 23:13:52 0 ----a-w- c:\windows\Cmehukuhoxaj.bin
2010-08-16 22:07:21 0 d-----w- C:\RECYCLER(2)
2010-08-16 04:43:45 0 d-sha-r- C:\cmdcons
2010-08-16 04:38:07 98816 ----a-w- c:\windows\sed.exe
2010-08-16 04:38:07 77312 ----a-w- c:\windows\MBR.exe
2010-08-16 04:38:07 256512 ----a-w- c:\windows\PEV.exe
2010-08-16 04:38:07 161792 ----a-w- c:\windows\SWREG.exe
2010-08-13 22:51:57 0 d-----w- c:\docume~1\waqar\applic~1\BitComet
2010-08-11 21:47:09 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-07-26 21:27:20 0 d-----w- c:\docume~1\waqar\applic~1\Malwarebytes
2010-07-26 21:26:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:26:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 21:06:38 5 ----a-w- C:\zrpt.xml
2010-07-26 21:06:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

==================== Find3M ====================

2010-08-12 09:22:52 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 8:18:22.51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 10:37:12 PM
System Uptime: 8/17/2010 8:12:48 AM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 132.202 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WinpkFilter Miniport
Device ID: ROOT\NT_NDISRDMP\0000
Manufacturer: NTKR
Name: Intel(R) PRO/100 VE Network Connection - WinpkFilter Miniport
PNP Device ID: ROOT\NT_NDISRDMP\0000
Service: Ndisrd

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WinpkFilter Miniport
Device ID: ROOT\NT_NDISRDMP\0001
Manufacturer: NTKR
Name: WAN Miniport (IP) - WinpkFilter Miniport
PNP Device ID: ROOT\NT_NDISRDMP\0001
Service: Ndisrd

==== System Restore Points ===================

RP1: 8/16/2010 7:56:25 PM - System Checkpoint
RP2: 8/16/2010 8:19:58 PM - Restore Operation

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Agere Systems AC'97 Modem
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BitComet 1.22
Bonjour
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
Free RAR Extract Frog 1.00
H.264 Decoder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.11)
MSN
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
thriXXX 3DSexVilla2-084.001
thriXXX WebLaunch
Times Reader
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/17/2010 12:44:50 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.
8/17/2010 12:44:49 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2010 12:28:17 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The specified driver is invalid.
8/17/2010 12:28:17 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The specified driver is invalid.
8/17/2010 12:28:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip
8/17/2010 12:28:14 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
8/17/2010 12:28:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 12:28:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 12:28:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 12:28:14 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 12:28:14 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 12:26:18 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
8/17/2010 1:16:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Tcpip
8/17/2010 1:14:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

Hi again,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:

Open notepad and copy/paste the text in the quotebox below into it:



Driver::
3B38C503
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.6.22.dll/206
File::
c:\windows\Ocawinuyozew.dat
c:\windows\Cmehukuhoxaj.bin
c:\windows\system32\3B38C503.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\itowym.exe
c:\windows\kbdbgsi.dll
c:\windows\uqedehipenoxok.dll
Folder::
c:\documents and settings\Waqar\Application Data\BitComet
c:\program files\BitComet
DirLook::
c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\Waqar\Application Data\Oply
Rootkit::
c:\windows\win32k.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

ComboFix 10-08-15.01 - Waqar 08/17/2010 18:02:39.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.312 [GMT -4:00]
Running from: c:\documents and settings\Waqar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waqar\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Default User\Start Menu\Programs\Startup\itowym.exe"
"c:\windows\Cmehukuhoxaj.bin"
"c:\windows\kbdbgsi.dll"
"c:\windows\Ocawinuyozew.dat"
"c:\windows\system32\3B38C503.exe"
"c:\windows\uqedehipenoxok.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Default User\Start Menu\Programs\Startup\itowym.exe
c:\documents and settings\Waqar\Application Data\BitComet
c:\documents and settings\Waqar\Application Data\BitComet\fav\download-complete.wav
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_bg.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_ca.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_de.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_el.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_en_us.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_es.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_fi.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_he.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_hu.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_it.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_ja.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_ko.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_lv.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_nl.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_pl.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_pt.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_pt_br.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_ru.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_sl.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_th.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_uk.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_vi.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_zh_cn.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\fav_zh_tw.xml
c:\documents and settings\Waqar\Application Data\BitComet\fav\HowTo-AddYourSite.txt
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_info_en_us.mht
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_info_en_us.mht.bak
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_info_zh_cn.mht
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_info_zh_tw.mht
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_login_en_us.mht
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_login_zh_cn.mht
c:\documents and settings\Waqar\Application Data\BitComet\fav\passport_login_zh_tw.mht
c:\program files\BitComet
c:\program files\BitComet\archive\001ea5db51fab8c0ee6a625c0d3da61e9ced7608.torrent
c:\program files\BitComet\archive\0037fd122a31de37d8668bb6d7b67aad4e05ea14.torrent
c:\program files\BitComet\archive\01801ddf496315b5468eab98d71077f7127d5def.torrent
c:\program files\BitComet\archive\02fba11c61cdebfd84dd4079e0f5adc08a00fd77.torrent
c:\program files\BitComet\archive\053ee5a67a9094cfbfbe22f1c4668ccb3e7e6b7d.torrent
c:\program files\BitComet\archive\054654a5f27bc549af59da6ce7495e877301053f.torrent
c:\program files\BitComet\archive\05c42a55c8e8dabbcabffdde9f81806b753379d5.torrent
c:\program files\BitComet\archive\05e3452e4a29e59ea01a573a64cc5e376cb61a21.torrent
c:\program files\BitComet\archive\069bc02aaeeccf33f7fd77f907c45d479acde98f.torrent
c:\program files\BitComet\archive\06fdc65470f577c06ad9568235a81c23b639533e.torrent
c:\program files\BitComet\archive\074bcd2c9d1cdec2f05bad0318849faa1b1765d4.torrent
c:\program files\BitComet\archive\078c12e9d1c687c5ae23f0933daa13b29ce3a046.torrent
c:\program files\BitComet\archive\07df3741e91c5772f9571b2d9025aedc46848937.torrent
c:\program files\BitComet\archive\089ae1305825c1590c6936768563962581ce5b30.torrent
c:\program files\BitComet\archive\0a3e7251711b12df8365a319b769fb2a5dcc95b3.torrent
c:\program files\BitComet\archive\0a6cab6c47ec3c84ff88330890ba6b1b43a60b54.torrent
c:\program files\BitComet\archive\0b8a0abd1926e5f0e8fbe161ca34199d1986dca7.torrent
c:\program files\BitComet\archive\0ba1bad74cb4896122d0ba81f86ab7c1c94e6108.torrent
c:\program files\BitComet\archive\0c2caf26b8dad4b4191b763f2e409aa3c1ab700d.torrent
c:\program files\BitComet\archive\0c37449d9635d65ce1bd73b8eed7eae62f8d1f39.torrent
c:\program files\BitComet\archive\0c43b8a1b3a6d973b8ae1d734a3925cb21d174f0.torrent
c:\program files\BitComet\archive\0cd5f674e9251c079bdfcca76a5b1dfc7bd487e5.torrent
c:\program files\BitComet\archive\0cf7106ee3d6ae8feaafab07b6400cbc7347c6d8.torrent
c:\program files\BitComet\archive\0e5d1a896cd68b3849b30365bd4d9ed0c36cc7e2.torrent
c:\program files\BitComet\archive\0e78247de758d17bff857cdc56f49554d1580125.torrent
c:\program files\BitComet\archive\0fe6edcf5b0726806749de161e004913eb544c42.torrent
c:\program files\BitComet\archive\102b09c6cae9d85b73610ac2116e3981fb416d84.torrent
c:\program files\BitComet\archive\10b0fdc6df2493558cec99d915ce3f37e62f40f7.torrent
c:\program files\BitComet\archive\10fd6b6758106cd0033e41b5e00458b188aac023.torrent
c:\program files\BitComet\archive\129b2e10b4ea519c28cd581e03289f5fef0c2212.torrent
c:\program files\BitComet\archive\13401105b35f09f59e7fd05e5c51e09c9fbf109e.torrent
c:\program files\BitComet\archive\13d21aa95f2b05fcc28722d34708607ae01a916d.torrent
c:\program files\BitComet\archive\147aabad2a91dc6cd3f2da32c3da7e4c356969e5.torrent
c:\program files\BitComet\archive\156d32538231e948a356b73d97bad214877f5219.torrent
c:\program files\BitComet\archive\15df6c3f394cc051f4aed91848738beb85c4f63a.torrent
c:\program files\BitComet\archive\15f737306b0cdd144cb5d60ba998ad4f34b120c9.torrent
c:\program files\BitComet\archive\1626a1335d597758bc6e913a577639261495f9ed.torrent
c:\program files\BitComet\archive\1770891a8c23484afcbd3efebaffb994957b870c.torrent
c:\program files\BitComet\archive\1785aeb6946eb1c9805e8f25d130dadfa747f6ae.torrent
c:\program files\BitComet\archive\17a707e7c7e16d1e989fec2bba0b19f795d383d0.torrent
c:\program files\BitComet\archive\1896cda403b98a161cc27431df26620e62143929.torrent
c:\program files\BitComet\archive\18e99ed14007e0a7189d2aa62e2a5f2f1ec0e7f2.torrent
c:\program files\BitComet\archive\19259d35520c9e1ed34d29b265dcc50f3f18ea37.torrent
c:\program files\BitComet\archive\193b8e64fb72246d8931c7f7e860af9f8e495e70.torrent
c:\program files\BitComet\archive\1ad7f87265df3c5b111e8a3a56863f865c843d74.torrent
c:\program files\BitComet\archive\1c85cad0f1584047e380c54822bd6f73e341c04f.torrent
c:\program files\BitComet\archive\1d90054bc5c2fe46539e5c69382475958e9c759a.torrent
c:\program files\BitComet\archive\1e0379676f5eb6809282bf0464d992ddde059ffa.torrent
c:\program files\BitComet\archive\20cbc87cff262c25fc4034f7d69c6a4c7535fd6f.torrent
c:\program files\BitComet\archive\2194147f1c4b3824ecb0a7c2aa1d0a768372cd33.torrent
c:\program files\BitComet\archive\2272aa4cc6326c9391f6975ff57f8a18c16bd5f8.torrent
c:\program files\BitComet\archive\227409a3eaba83b04fc04f4608d6792cd036a0dd.torrent
c:\program files\BitComet\archive\22747bf878cb1bbc371bbd6e38f0172efc03632a.torrent
c:\program files\BitComet\archive\22a6636a675671177202ad09f3aa89125726cfe9.torrent
c:\program files\BitComet\archive\2372f75cebf11e931ea92f6b7e381e0a395a529d.torrent
c:\program files\BitComet\archive\23b1055c73701d683326ca766a8b6908be99c9d4.torrent
c:\program files\BitComet\archive\23d72d79b0c27c925e6fc73a7667f4e392eedc10.torrent
c:\program files\BitComet\archive\240201f1f6f513c94aa048dcb059438a83aa9e37.torrent
c:\program files\BitComet\archive\2403fc0a3782f523d3d6f3bf5091a6997f2196d3.torrent
c:\program files\BitComet\archive\24059a54e107430611e462ee0d183126a566c105.torrent
c:\program files\BitComet\archive\241ba895850cd5a67dc59c4ae9112b4a4fcc3e77.torrent
c:\program files\BitComet\archive\2439e2243a0e7ec5e8989d026947bc295601753a.torrent
c:\program files\BitComet\archive\25247a8a532f0e488a0069a0923a1bf8698d3deb.torrent
c:\program files\BitComet\archive\254897694d00b5cbfc0975768874ff1d8001ea42.torrent
c:\program files\BitComet\archive\256e2ac8a4f59759622f8c53f876094a6179b5c3.torrent
c:\program files\BitComet\archive\26fcac6abad57a8f81e0da6d06e014a97812220a.torrent
c:\program files\BitComet\archive\270f72bba94bb90c7820ee3d16acb7eecf4a5e88.torrent
c:\program files\BitComet\archive\272e7fc628fa167e83c4aca364c0ec0306ef53cd.torrent
c:\program files\BitComet\archive\2813697ac8ee4100132dddebab65ebf4d594ee39.torrent
c:\program files\BitComet\archive\29c8469436b78eddb1f70af1083604477d05c428.torrent
c:\program files\BitComet\archive\29ca591b0dd9cca8681046f0bd8ccfa673d6440a.torrent
c:\program files\BitComet\archive\2ac7956f6d81bf4bf48b642058d31912479d8d8e.torrent
c:\program files\BitComet\archive\2b0e98263a863f6051ffaccc7d0b1ccab98ed095.torrent
c:\program files\BitComet\archive\2b8e6755218dff51ca57fd69cee44f44a0e5ea6d.torrent
c:\program files\BitComet\archive\2b9c450cefbd907f1d7d0e0f27c88f770f3a0c1c.torrent
c:\program files\BitComet\archive\2be7fdbdce64888dce4ebfc5712b7c06a5e11c65.torrent
c:\program files\BitComet\archive\2c52dfd5a10b680c46aa32328c781b857bc523f0.torrent
c:\program files\BitComet\archive\2cf15e6bf8d9817ce8fdce2121a88a2450b2c9ca.torrent
c:\program files\BitComet\archive\2db3a0906837e1a0c492edc9ef78fd3c17304589.torrent
c:\program files\BitComet\archive\2ed9c348559b8f741dedc2ddbf035b8d1879f378.torrent
c:\program files\BitComet\archive\2f0948acfdc4bf2e51ecfb77a4ffac0cfa32b4d7.torrent
c:\program files\BitComet\archive\2f218b955fefad867b49e97dca4a6cab6bcc029c.torrent
c:\program files\BitComet\archive\2fdcc660e031c9be1adc282ea7361aa9a205ec1a.torrent
c:\program files\BitComet\archive\3082eaef1c3ebfeb0a7b67538a1500f87c7950b5.torrent
c:\program files\BitComet\archive\30b89efa3533f7a42b5511c9f2693d868e769be5.torrent
c:\program files\BitComet\archive\30e9cf4eb6cd49bc804b5a07b5f5020987ff9c65.torrent
c:\program files\BitComet\archive\311ffa44c21750773b5494a3af40f9e8bc3c30d9.torrent
c:\program files\BitComet\archive\31f4c3dfb32374007274ece05a76389aaa69ca16.torrent
c:\program files\BitComet\archive\32619fc5797b6dff2416cab56f644c07a2588036.torrent
c:\program files\BitComet\archive\327dd7bd7476b4f8e084bfefb09815a02386f8f9.torrent
c:\program files\BitComet\archive\3285e5d9fedd8e950ea061606cc35d376da2a075.torrent
c:\program files\BitComet\archive\32a3998aab90a7b7fbf9d16016946699848a8380.torrent
c:\program files\BitComet\archive\32d73ae1968c73bc36a7a44f969915ef493a4391.torrent
c:\program files\BitComet\archive\337023cdd8d3919f7574875c45a4dc67af9127ed.torrent
c:\program files\BitComet\archive\33b1a2637e13ea3de68cbac0e0cc3ee6886a19e2.torrent
c:\program files\BitComet\archive\348683738a4438d253f5e324ae7d7fc8ff470d80.torrent
c:\program files\BitComet\archive\36299fed28ac43af7d57b5e9f089adb02eae5c53.torrent
c:\program files\BitComet\archive\363a8e7517c85b09bedef3b8aecb9495bfee1fbd.torrent
c:\program files\BitComet\archive\36afa581b8772d98190427bfc5f39ae258dfc6d8.torrent
c:\program files\BitComet\archive\36ef13fbfe349b9679fe46c3f26d2c0fce6bfeba.torrent
c:\program files\BitComet\archive\37201c9d219dff90e98270a66d9b0c44ea700596.torrent
c:\program files\BitComet\archive\37cb9de885a24e91f651a6b2a5f1717246c73503.torrent
c:\program files\BitComet\archive\37e874c9f8c01cdae924ee9b7ab10e7b5b19514a.torrent
c:\program files\BitComet\archive\383d0b2fdb67cb9a80e65f68382f3a0da286f3b3.torrent
c:\program files\BitComet\archive\3af9938a00ccc1cb5d3db36c796cd19d53572dc9.torrent
c:\program files\BitComet\archive\3be2b5d1e103849439e9dd5574e316992d302a6a.torrent
c:\program files\BitComet\archive\3c962e34edf5380d2fd876ee16b036d340b1239d.torrent
c:\program files\BitComet\archive\3df963e1c62b3db51f3f075b446ed07e6e11ed90.torrent
c:\program files\BitComet\archive\3ed3fa4b185b4c56b180a56e4919cd3e82c8d057.torrent
c:\program files\BitComet\archive\3f174d2052c10e14ab632f6d97b60cac98098dcf.torrent
c:\program files\BitComet\archive\3f94bed18e5d15b43c245c17c8652f9200e8dcb9.torrent
c:\program files\BitComet\archive\3faa7cb1c8a159b932ed915e93f2e0580b319bbf.torrent
c:\program files\BitComet\archive\410d8bfb80f0a9789898aeba35e7360c5062bfed.torrent
c:\program files\BitComet\archive\41c6472214b85c1ad00a71f57bea8c06777d2b1c.torrent
c:\program files\BitComet\archive\43fd3f8d8acc1499686c369a83b8ba3f556a988e.torrent
c:\program files\BitComet\archive\4413445dadced2d3407abc48966c3a85667484aa.torrent
c:\program files\BitComet\archive\44943e2c2552a9c8f39c2555bcbf30b452723b89.torrent
c:\program files\BitComet\archive\4590efcc89cfea1b789e35f0ba1188fc3d511e2a.torrent
c:\program files\BitComet\archive\466d3249acadb6967c5ff96eff3ba92c593974b0.torrent
c:\program files\BitComet\archive\46e32f38c67b5f376faab1bc048e1f8ea4a9d470.torrent
c:\program files\BitComet\archive\4700cede6af6ad52e88fe543c96d7feda82dea4c.torrent
c:\program files\BitComet\archive\47121a918de0a496ab2a19eda3a7be9417650ad2.torrent
c:\program files\BitComet\archive\481bb8261015133e676503b4f6aeca1ff3304917.torrent
c:\program files\BitComet\archive\48205fd86dcf7b29fb9ae448c42e04a9928545a1.torrent
c:\program files\BitComet\archive\4832bfab40a1c7643886a3766c0392a9129bb07b.torrent
c:\program files\BitComet\archive\48382f113e09bb350da5a278a1a19ba817a988ab.torrent
c:\program files\BitComet\archive\49871e73510e72a173bbc656ca2e0897694773ca.torrent
c:\program files\BitComet\archive\4a1088eb7fb4f378864ed6a39e2a43de20c38e76.torrent
c:\program files\BitComet\archive\4a509088bbd3a36df8d4a123ba76be6fbb88e32c.torrent
c:\program files\BitComet\archive\4a5dfdbdfadb8280cf1e547fd2e3f9b8b07d2f01.torrent
c:\program files\BitComet\archive\4a733fe9309a9a45449dda93b534740d927bd994.torrent
c:\program files\BitComet\archive\4b3a068d98f619bf0b0d9bd5b86f19f1ea12c195.torrent
c:\program files\BitComet\archive\4b56cfdf43b618dcfb71009c24dd6437f9dccb82.torrent
c:\program files\BitComet\archive\4b9054fc33f04c55903b6db20a322deb404b8ecf.torrent
c:\program files\BitComet\archive\4b9616d88e671fa544eaa3b5ef73efc2fbdafc91.torrent
c:\program files\BitComet\archive\4bb76afe0d42bb2e948e4da43f9c4a3eb00b1298.torrent
c:\program files\BitComet\archive\4bc51d5b64f1e0cbdaed50e0a1963a6a8daa951e.torrent
c:\program files\BitComet\archive\4bea95de88e1ec5e0c92b297bb75c78f8d86890d.torrent
c:\program files\BitComet\archive\4c5d0ec5cfe8adfb72598b8199a27261220e393e.torrent
c:\program files\BitComet\archive\4d32fe5640288d32e683b27cc258fdead509a7e8.torrent
c:\program files\BitComet\archive\4eeb8f8000a8dade8d47e2270a1a4c12279b35c6.torrent
c:\program files\BitComet\archive\4efc5150003b6ba7ab8c9d658ea3e6280237b424.torrent
c:\program files\BitComet\archive\4fb7ce88d694f8b1bb788c49f96d3db9eb29b61a.torrent
c:\program files\BitComet\archive\500cbe75b5848f6ed8a447580fc98dd71bd18d39.torrent
c:\program files\BitComet\archive\505715bc770596d85fcb78eb8d36216bd6dda48c.torrent
c:\program files\BitComet\archive\5099de1ec33e05d4501f22090da7953e5649c14c.torrent
c:\program files\BitComet\archive\514254d92f6c72613146087155b5e0381a139937.torrent
c:\program files\BitComet\archive\51462170686f2bdfab98f7f8658b3da9bb85b166.torrent
c:\program files\BitComet\archive\5148499902b0a05973fbc5e270a787476d418281.torrent
c:\program files\BitComet\archive\51792ec9bb9853e88c3b4a39e50749a97157c89e.torrent
c:\program files\BitComet\archive\524e21511b64e43046a3d02e18bfc066dd81c50f.torrent
c:\program files\BitComet\archive\52c1614b17655443a86c72f171c6e468211fe5aa.torrent
c:\program files\BitComet\archive\530064adf099ed7934d150b55da93b404f585393.torrent
c:\program files\BitComet\archive\5368d6f34e3f69b8c7ef515606ec9b5fcad6bc3c.torrent
c:\program files\BitComet\archive\539cc4425f0f8f7ed779554afb09fbbafeb5cf38.torrent
c:\program files\BitComet\archive\53dc8591a4dcb55581d09d23a3a048abaf5d55e7.torrent
c:\program files\BitComet\archive\53e06d4d7d957f0e24be7b4803dd6fd8c46a61be.torrent
c:\program files\BitComet\archive\53fef9c1a22a7115247d2bd11c04462fad32c760.torrent
c:\program files\BitComet\archive\56574e5181b3077fbcecba501a5538a2d30e8ff3.torrent
c:\program files\BitComet\archive\56f8de42bdc760b555484184d4dd26eb1cd37bcf.torrent
c:\program files\BitComet\archive\56faef933af62634d0677a6940cf99d695125503.torrent
c:\program files\BitComet\archive\5754b891d3e22420f5a26ba1bc35c7c391a78e06.torrent
c:\program files\BitComet\archive\58ba64d81d924d1c905a0ffc0ca0d825e7b1637c.torrent
c:\program files\BitComet\archive\59593afcf9d6fd7dca1e6b6a82dc5a4b860ada33.torrent
c:\program files\BitComet\archive\596390e7cb56d6fafb090a95ed4fa4610f6a25ac.torrent
c:\program files\BitComet\archive\597651afaa94761329ebb7d35c898f636b6d2743.torrent
c:\program files\BitComet\archive\59af615e12815b283f7eb9ac025026df9910047a.torrent
c:\program files\BitComet\archive\59f2161b6de00b8e97b030f02033e9f7a25006de.torrent
c:\program files\BitComet\archive\5a48efaa1e25a3f54da1aa2ce539e248b9d48ee7.torrent
c:\program files\BitComet\archive\5b861c1ba814191128db2d5eec65f605b1dff610.torrent
c:\program files\BitComet\archive\5ba7cf571339e51c134954a281f1a235bdb37792.torrent
c:\program files\BitComet\archive\5c056a1fc1179110919d94c19f0939581eb1d75a.torrent
c:\program files\BitComet\archive\5c0635d04aaa81df049ffd539f341538f141bc44.torrent
c:\program files\BitComet\archive\5ca54eac28e3223429dc61986126751c84a11777.torrent
c:\program files\BitComet\archive\5dcea2aedf0af436a9dbc92aebebefc9151d889b.torrent
c:\program files\BitComet\archive\5e4bcb36c431fa1ff8d822005a0836a1d6d07cd3.torrent
c:\program files\BitComet\archive\5ef0166d2fbed41efe1be5420ae01ebac73a834a.torrent
c:\program files\BitComet\archive\5f2bcba01f5d30e7276a209f058d643f01491a44.torrent
c:\program files\BitComet\archive\5f750c38d7e23feb267e4873472cbc3cb8151cf5.torrent
c:\program files\BitComet\archive\5fa4a18aedf98926bc94a7e1feae396a16913092.torrent
c:\program files\BitComet\archive\600891bed7409359d36a2df9c725cd3a58465ada.torrent
c:\program files\BitComet\archive\60a28fc26755997d4f4e9ecd45ad92a2fad9bdd1.torrent
c:\program files\BitComet\archive\60a9ca8bd684d590fd03ca2573c16728dafa5df3.torrent
c:\program files\BitComet\archive\60e7e6911e876a191df906ef529c7075fc3ddf1f.torrent
c:\program files\BitComet\archive\613bb36f3400df80eea2f5381672dd2cb0530dee.torrent
c:\program files\BitComet\archive\6213eb1bc1fa2e6e77991520b4ac15bb7b6db429.torrent
c:\program files\BitComet\archive\62b3660f444a472897abd20c7130e9f3182451bd.torrent
c:\program files\BitComet\archive\639afdf4c0cb53b0b7adcd5943ffbfc782501e53.torrent
c:\program files\BitComet\archive\64613983b14fa2ffe59f57b7db3925230478a7c1.torrent
c:\program files\BitComet\archive\6467cde5aab88eb201643a770924e4c05c362f3b.torrent
c:\program files\BitComet\archive\64fbc44e4f52cbd864de849bc7f40775667c3e26.torrent
c:\program files\BitComet\archive\6544a8182cea7642d3e71c2c9a3f910d13357e38.torrent
c:\program files\BitComet\archive\654531813e3dd816948624299f912f649a2f1fc4.torrent
c:\program files\BitComet\archive\655f6f7a0ad88032392ba4a2e864bdf194104e6b.torrent
c:\program files\BitComet\archive\65bfa5af655c92ca51517236e2df37a5887e50ca.torrent
c:\program files\BitComet\archive\66080a422127a92ff73c32bee9d238e903967308.torrent
c:\program files\BitComet\archive\66292e3870ff91959310a6247a897e421bb3a5ad.torrent
c:\program files\BitComet\archive\66f7b2f861e023dcd9bb0f2da2ee13d2cbf32a3e.torrent
c:\program files\BitComet\archive\670d6ea3717527b5d78680d74efe1089589e19aa.torrent
c:\program files\BitComet\archive\672553d7c772fa1e29e2f34dd0bde28b4f30d59d.torrent
c:\program files\BitComet\archive\679f21a530350dda62ebfa5519a7e22f65895e15.torrent
c:\program files\BitComet\archive\681dd729edf0ffdd414d7f43ccfb243ca4feb28c.torrent
c:\program files\BitComet\archive\691ef66b4b62add5ab48bf0a20249ece1c276b4e.torrent
c:\program files\BitComet\archive\69a947a6e0cbaac558109f042e27ea91a3453d28.torrent
c:\program files\BitComet\archive\69e78c39e5d1a54645880aae2056b766f2e52c7e.torrent
c:\program files\BitComet\archive\6a4ddcb163630016b4e9d08988070e08c3bd7a3b.torrent
c:\program files\BitComet\archive\6a723ec76f535db27316b4aecbb36c1dd6227276.torrent
c:\program files\BitComet\archive\6b4a2a6c1863d52a77377351563c539e1be987ce.torrent
c:\program files\BitComet\archive\6c577f19e1543b28202f784498a3a436929c8846.torrent
c:\program files\BitComet\archive\6c6871a3034aed9e5666822f416156d72977e757.torrent
c:\program files\BitComet\archive\6cc97750f0192047227380f726b29cc76ceddb15.torrent
c:\program files\BitComet\archive\6d5ae8b7cff10cbe843c362078ba8ca71159b88e.torrent
c:\program files\BitComet\archive\6d66d776c6c54d58674a78ee4a02e6151da29ef3.torrent
c:\program files\BitComet\archive\6d8e20f4c9e1355ee75a51456dadc0c66a61e9f0.torrent
c:\program files\BitComet\archive\6e004174d1ec1bfe942b7a29062915b1bb546b06.torrent
c:\program files\BitComet\archive\6e06bea945effc7934e6c22e82e1b38c6946af33.torrent
c:\program files\BitComet\archive\6ebf3e2a42f98aa11c6ba9fe8f90789722aeb705.torrent
c:\program files\BitComet\archive\6f20a17f38f0075a3c7caa5fbd7544117a75f2c8.torrent
c:\program files\BitComet\archive\70132286c5834d3719defcc870c4541b02b38ff8.torrent
c:\program files\BitComet\archive\703edecea6d9274f279353fa835bb5bbbb911ae3.torrent
c:\program files\BitComet\archive\708531cc9c0e616756e19d0dba6e6a72017da370.torrent
c:\program files\BitComet\archive\7116d6ab924a83d999d16aa4e0aaf7141d77997b.torrent
c:\program files\BitComet\archive\71369e886b9972ed117d9109ccd8152b3d7ae20f.torrent
c:\program files\BitComet\archive\71a61d02970d419ab92817a58a56e4ff5f132759.torrent
c:\program files\BitComet\archive\71ad9419768371d592c1674b9da91b34e8c63f32.torrent
c:\program files\BitComet\archive\7287ae4a9a7a419419091247d03853a3eb19ac51.torrent
c:\program files\BitComet\archive\72aa32392911cff1936ba445d7364fed3bfdb2c7.torrent
c:\program files\BitComet\archive\72c76b6ad8103be33360764527d69ea68d2e75a4.torrent
c:\program files\BitComet\archive\72ee47fde0ddcce2d1b662f785c38d0aa51f9723.torrent
c:\program files\BitComet\archive\7358eaa2715e5f75835e10de7508e74015fdb90d.torrent
c:\program files\BitComet\archive\73861137b664a826f8754bb7f31a7ac2d3dda91c.torrent
c:\program files\BitComet\archive\75a1d7a43b65578b26e8c45a4e91ee4372c82f26.torrent
c:\program files\BitComet\archive\760f005be8ac1dd981d3bb220bb688cae9afb8ed.torrent
c:\program files\BitComet\archive\769e5d536290d9ca83a41a37cb12a5ed9a5f7ace.torrent
c:\program files\BitComet\archive\76fd3db8526d7ca404fbb5325dfdc35718872b5a.torrent
c:\program files\BitComet\archive\7718bfce941cfb4f32ad0ac56f544a026998fb2f.torrent
c:\program files\BitComet\archive\7742e72ce382dfde761b895edf4e8cb36e7cfeb1.torrent
c:\program files\BitComet\archive\77b67ca309274314d168c2965927cd2aedbf75fa.torrent
c:\program files\BitComet\archive\77be83a691b248c758c0ad8ed44c2eda4ca4aff5.torrent
c:\program files\BitComet\archive\77c4e06cb24bb2ba1275cb097f2c33a58f011f6b.torrent
c:\program files\BitComet\archive\77fa5aaaefd9dba97478d2f46ab7e71e103f9640.torrent
c:\program files\BitComet\archive\7874f0d1ffbcd3a8174cb49d25b69ccb42f0655e.torrent
c:\program files\BitComet\archive\799ddc60a13cf6a9140ab0265e52588a6ce36414.torrent
c:\program files\BitComet\archive\79c9e9b29b78c8c44b653b476e42ba54654cbdd0.torrent
c:\program files\BitComet\archive\7a67df0e6601ab5036b8a6d5330445d106c7ed47.torrent
c:\program files\BitComet\archive\7a7da3260c3983f22c82014bcec333f1fd190458.torrent
c:\program files\BitComet\archive\7b42f4753e40bc43156dcb942a95bb3585435632.torrent
c:\program files\BitComet\archive\7c1f82e87d8423c86881d241b94732feb7667988.torrent
c:\program files\BitComet\archive\7c8aef0f67640a79217e8bfcfa1c79427d423a28.torrent
c:\program files\BitComet\archive\7ce561d60abf787931d35029aa9722aab763aed7.torrent
c:\program files\BitComet\archive\7d967193df43852c9cd6f2f1f887947b00bd5d1b.torrent
c:\program files\BitComet\archive\7daa4ac74d632ace905618c643fe7d45cd77d88f.torrent
c:\program files\BitComet\archive\7dabb03bd10d88e830eb66cb6e80e50bddbcc679.torrent
c:\program files\BitComet\archive\7dd12519cd85489262a64db98ec785ce7adad647.torrent
c:\program files\BitComet\archive\7dff7f24b79b208e0bf36b335e3ee948e17fcbf0.torrent
c:\program files\BitComet\archive\7e0492816bdd9aa29edc86632ae6120c220344fc.torrent
c:\program files\BitComet\archive\7f3eebba1e277153bf8406b02c6aeda432143cf2.torrent
c:\program files\BitComet\archive\809e67c9c72b49b5b5aa662966758d2bbaa604ce.torrent
c:\program files\BitComet\archive\80a512d4f3d08de87493aa729e7936c0fbbd9c1a.torrent
c:\program files\BitComet\archive\817ef1366a1db79801bb1b4a3b4757d725840141.torrent
c:\program files\BitComet\archive\81e95af3385994463f726d1f9a6a69d1de681c2a.torrent
c:\program files\BitComet\archive\823f219ce0065550953c5f7fdadd46df25146478.torrent
c:\program files\BitComet\archive\8253dd4ccc30808364d4cfd4b3d767eba9798850.torrent
c:\program files\BitComet\archive\82639353d81d7a34a792cdad30d2e8d4ba8d0d59.torrent
c:\program files\BitComet\archive\82714a1a5ff6c632773a8e59122e0a6889c9f630.torrent
c:\program files\BitComet\archive\827e36519ff4b0b545d8a3b6f3e5af6d06c524f4.torrent
c:\program files\BitComet\archive\82acce830e396b5786b571abc915b4f09716faf0.torrent
c:\program files\BitComet\archive\83a0670c853f206bd4d6731d1f6158c26b18b815.torrent
c:\program files\BitComet\archive\83de52c086559738cc90863de5139dae15947851.torrent
c:\program files\BitComet\archive\84c8dfc07f3128984f30c330d6d9775e266f67b5.torrent
c:\program files\BitComet\archive\863b40419d9ebdba44b8e456ede81cd09cb03b2d.torrent
c:\program files\BitComet\archive\865dbfc8a87a0b020ac5e2849cc47032b873a58c.torrent
c:\program files\BitComet\archive\8707c1ef86e802b3e51c4ddb60ddc291aa0a5747.torrent
c:\program files\BitComet\archive\872e7c370a3ad8f18060dd55235ea60883c3889a.torrent
c:\program files\BitComet\archive\87c58d3eb8ff79ea931fc8ff9bb7391cef8b9e73.torrent
c:\program files\BitComet\archive\8922999338acda3e7b891bcd8b2f81b176de05d5.torrent
c:\program files\BitComet\archive\8a2b773bf458797e467ad8eb8268c2a2e47b3a01.torrent
c:\program files\BitComet\archive\8b606a18684436e157c51ffab5b9425aaa917f39.torrent
c:\program files\BitComet\archive\8b6e271aa647e03fcbc4f1a672850c3c037df24f.torrent
c:\program files\BitComet\archive\8c1f7fea4ccbdca8a1920dc4ed4712798bb7c098.torrent
c:\program files\BitComet\archive\8c21b1221cc53a7d38b7258a0aa35f747329a2be.torrent
c:\program files\BitComet\archive\8c8b7931835eb493ed06f94003c51f09f35a8f8d.torrent
c:\program files\BitComet\archive\8d37fa7a5fa81e8bbfb16a8e360519122440f0a9.torrent
c:\program files\BitComet\archive\8dc54890f73edf79e5d9910c949ddace5833bc27.torrent
c:\program files\BitComet\archive\8de60a4af7b95f0b8b224ca43668e262b0970fce.torrent
c:\program files\BitComet\archive\8f29d7701a974fc08341411b054a522ca9fdb58e.torrent
c:\program files\BitComet\archive\8f45ae775e7b6d3c6652a9d4d00099b3c6c800df.torrent
c:\program files\BitComet\archive\8f8f9418ce611c9b8fd4eacc4c68fad44f5e6419.torrent
c:\program files\BitComet\archive\8fb08d1120fa52372f35528256f4cf7f04b96a4b.torrent
c:\program files\BitComet\archive\90c880bda1345532c93da423dbe8aa9d105ff9af.torrent
c:\program files\BitComet\archive\9186dd96b4cfb55e4d2de9c2234cef03e18a802e.torrent
c:\program files\BitComet\archive\91b90054239ec6fd1c9758a73bad3da9c8632bcc.torrent
c:\program files\BitComet\archive\9249e9987e6062e8fc6159a312224e39cc92ca85.torrent
c:\program files\BitComet\archive\92ef0da7fd2a4abb0ecc8653a505cc5110b1a59f.torrent
c:\program files\BitComet\archive\9332554f019b78d8a93ee6f73eee66d71d84837d.torrent
c:\program files\BitComet\archive\93b6aa4c49c7869129f3fd09544510b91728c189.torrent
c:\program files\BitComet\archive\93ed8b942981d2caebb191a5ebcf1e0bca6534f0.torrent
c:\program files\BitComet\archive\941865e3f68e77fea5b202ab463342ac6d5ec859.torrent
c:\program files\BitComet\archive\949ef94e4e57a4c944554649bf51f03219c04ad7.torrent
c:\program files\BitComet\archive\94b1c0bfb4fe4f9a725f3d1f4631a7715bfffc6a.torrent
c:\program files\BitComet\archive\94b50449c0dde386fb40782251286617e8615ecc.torrent
c:\program files\BitComet\archive\95339a30913fe67bc094116c1a17b61baad00a7a.torrent
c:\program files\BitComet\archive\95f815cf3005feb20f2954638eb4e60523af87d9.torrent
c:\program files\BitComet\archive\96648926a5c0ae04596f92f485ec3bbb562e86f8.torrent
c:\program files\BitComet\archive\969615c3945a520f84ece5adbec818d8dce039f1.torrent
c:\program files\BitComet\archive\969ec59273e487a347a4e519480639e62891a2fc.torrent
c:\program files\BitComet\archive\983741f3769c2f10c37255c68eb002c5e61278f7.torrent
c:\program files\BitComet\archive\987d5a01819706d03ba1a4b59a0e0b189d666827.torrent
c:\program files\BitComet\archive\987e5006457f1d6e38ec2a4ece8a01690dac280f.torrent
c:\program files\BitComet\archive\9980f7e7061834ab5c1cda3353bbc922c70423e8.torrent
c:\program files\BitComet\archive\9982b1b5718279562760544e7007b765602a86ee.torrent
c:\program files\BitComet\archive\9a2887718422c25fe17d583f2894473d97254e20.torrent
c:\program files\BitComet\archive\9a538bbd72d19f9693d54471453362bf4f53f549.torrent
c:\program files\BitComet\archive\9a86eda8dabc851f36d2b258a2276d994fb12f75.torrent
c:\program files\BitComet\archive\9b1cd721061454e31407cd8a372c7f1830a83aa6.torrent
c:\program files\BitComet\archive\9e0623b4a6d37c7e6bd647313c913b3069982327.torrent
c:\program files\BitComet\archive\9facb9ab92fb4ee29795abb5e2d693615f24af7e.torrent
c:\program files\BitComet\archive\a027fadb91027ceede253155a5c61f6c64d913e2.torrent
c:\program files\BitComet\archive\a0c1cbddf685e6c97f1b554a4cd1c4e77c9dd952.torrent
c:\program files\BitComet\archive\a0ed3fed39a2f196925de856972a11ad76d648e9.torrent
c:\program files\BitComet\archive\a0f176df420b58a86a77c33a5103e0de0ec4dc1b.torrent
c:\program files\BitComet\archive\a1c855ede5192525d829a9d41b23c572dd13b98d.torrent
c:\program files\BitComet\archive\a23cee42a0742442d44bed0756fb37ab0b46f80b.torrent
c:\program files\BitComet\archive\a2ac6c5690673790a05ca45763390a09bcc118f6.torrent
c:\program files\BitComet\archive\a2dc5208f583764a09ef630e1b98e1d7cefefb50.torrent
c:\program files\BitComet\archive\a401033a82bca19c1626b487a60aa6765e94a411.torrent
c:\program files\BitComet\archive\a4ddc6ac25f8ae8ec59a80c41d8ff3199849038b.torrent
c:\program files\BitComet\archive\a504d4cecd956254b648d172dadc72887fcd50d3.torrent
c:\program files\BitComet\archive\a5606fca8b44c1bc91a6c88a472ea95d39d94112.torrent
c:\program files\BitComet\archive\a79c20179d7b3de53869ba9842d80b2aa0c75831.torrent
c:\program files\BitComet\archive\a7dfbe548caee66f19899117f595b439ddee59e2.torrent
c:\program files\BitComet\archive\a8387167aea1eb18c8588b586036cac26e1fd5fe.torrent
c:\program files\BitComet\archive\a8d7f9655ba11857de096746d6fcb9b527bfa2b5.torrent
c:\program files\BitComet\archive\a92e101b2b00665ab3494ef440be4542a37d4a89.torrent
c:\program files\BitComet\archive\a9e4ce83d5c276dcd2a36e66e04d7f254acc8286.torrent
c:\program files\BitComet\archive\aa2e1b8b225279f2108a462ebb489082c1c21255.torrent
c:\program files\BitComet\archive\aa424705589d68321f8e61cfc808d564bd11a924.torrent
c:\program files\BitComet\archive\aa57f1b7f4b99988d8ffda2bde29c6bb8e357d56.torrent
c:\program files\BitComet\archive\ab8dd70b050f2d2405443996f42e46822fca29ac.torrent
c:\program files\BitComet\archive\ac35d5dacaa1c17aa5de11d6948448b33192f4d2.torrent
c:\program files\BitComet\archive\aca690ce59c3b37aee0ca8e021feef5faf018dba.torrent
c:\program files\BitComet\archive\aef5cb41a38fbb540fcc0cfc8f1dbbe5920b7270.torrent
c:\program files\BitComet\archive\b00cfe083ab5ef354b8142a1cef4e22d44194b5f.torrent
c:\program files\BitComet\archive\b072a60f298ccee952f5b4552ac83b483735946d.torrent
c:\program files\BitComet\archive\b0890e64fc38fa84d0758b9f961ee08da94e3c7b.torrent
c:\program files\BitComet\archive\b0a969739b80cc4430296feed0f4e7835c8f1ed3.torrent
c:\program files\BitComet\archive\b0b63340a00b5a5476abf9ace8f75112b887a849.torrent
c:\program files\BitComet\archive\b12bc273c6adb05ade39d09d9db0f075b88f84b6.torrent
c:\program files\BitComet\archive\b131f939bd48c7acf5331ec2c0c2e42ab805b1dc.torrent
c:\program files\BitComet\archive\b18eee3fb4eb40ee2bd8e8ef2d229f7b72f64b87.torrent
c:\program files\BitComet\archive\b2a345832f2c6ba0934b83ca428f347c3df541ea.torrent
c:\program files\BitComet\archive\b30887252773032b7f1b8110e016caa43e461cf8.torrent
c:\program files\BitComet\archive\b31fd4b254937e067f845230009a3d92a6f8e543.torrent
c:\program files\BitComet\archive\b59243c0871334ce83dc95de6bf28962e9857c1c.torrent
c:\program files\BitComet\archive\b6a4d2459b0db0b6cffd97e8835b57bc9f63a5fe.torrent
c:\program files\BitComet\archive\b6f70b63963882282027fb5464524ef1be791d6c.torrent
c:\program files\BitComet\archive\b714911e8a6752771deca8538b673b59657e76df.torrent
c:\program files\BitComet\archive\b85f099148a5bde8fbacda3b433936f6e97d91ee.torrent
c:\program files\BitComet\archive\b90f74b0711dcedd1a2eca82749db6a48a4cc9e7.torrent
c:\program files\BitComet\archive\b9cc11a9a502a299fd44e4dd49789ffbab9f44bf.torrent
c:\program files\BitComet\archive\baa2071b5cfd0e73c2bbeeffd9a9760829de9f8a.torrent
c:\program files\BitComet\archive\baa979a798d547414cd55b2d6175848c17e8c76d.torrent
c:\program files\BitComet\archive\baee945247fd4de453902a608f6b1f435d5986e9.torrent
c:\program files\BitComet\archive\bb04e6250c4030f28b6086b38ad49f7630bfa623.torrent
c:\program files\BitComet\archive\bb394fb86092903cf2c7e50e2aef6318b3cda963.torrent
c:\program files\BitComet\archive\bc0f8c2d3af3bae167d668290dae146dcd35a440.torrent
c:\program files\BitComet\archive\bc6cb11bd56023f59b47934b86f489ba9b973fcd.torrent
c:\program files\BitComet\archive\bc85b4cd4de11f5c562b7a0ea7f604da6a4fbf9a.torrent
c:\program files\BitComet\archive\bd5601838c0c1f8376485cc894a641620ee1f15d.torrent
c:\program files\BitComet\archive\bdcc2676202fdae042ebbe2df6cfa7b6080e61b0.torrent
c:\program files\BitComet\archive\bdd09a80d2c2520fd7f588bfcbe1536f5c1a84ea.torrent
c:\program files\BitComet\archive\be16685ca5cf4c7ec8ec774160cc4ab7e9effb2b.torrent
c:\program files\BitComet\archive\bff5aed6c9bddb40e7f026524a77d95b5e9348f3.torrent
c:\program files\BitComet\archive\c0064334a57b484aa28528f4a99b4fc335178500.torrent
c:\program files\BitComet\archive\c06ca11c13f7f592569d127e76cc6b99732a6444.torrent
c:\program files\BitComet\archive\c0867eb5ab266c453a29a0c9810b97947ad659aa.torrent
c:\program files\BitComet\archive\c1970b8116a23ab65108c118d1648d0aa5668a94.torrent
c:\program files\BitComet\archive\c2953468c0ab03e13e4c0df33ddd74e29761c3d8.torrent
c:\program files\BitComet\archive\c2f9ae6a6502ea83b01552098e233c6936253435.torrent
c:\program files\BitComet\archive\c3103d0f8ff2471a97392f56a43686471199aade.torrent
c:\program files\BitComet\archive\c34285086a1c1ac524c3e32779828a79498dac60.torrent
c:\program files\BitComet\archive\c3a817056640c49aa8f9b8e0f96bc93a234ac4ce.torrent
c:\program files\BitComet\archive\c3d2b2f3e16768594b6448e52f6a7dc158ebbab1.torrent
c:\program files\BitComet\archive\c4b2a52badcd6d786d2d6a352d0767078cc90bf5.torrent
c:\program files\BitComet\archive\c54ba500d9749d6c4ceb312c5d54e16e380fb7fe.torrent
c:\program files\BitComet\archive\c56ef3c974bc5c591396efeca6a747faaece3cbb.torrent
c:\program files\BitComet\archive\c755b64414abd03aacdfb3338676cce03cf708c6.torrent
c:\program files\BitComet\archive\c824c2edfdb0b11ac68688506a14663735fdf446.torrent
c:\program files\BitComet\archive\c9c5f5936e65d6bb60c8add7ac42b1d47c5758dd.torrent
c:\program files\BitComet\archive\ca3bc7d375d8b4966727738e8023f1f5c995f3f4.torrent
c:\program files\BitComet\archive\ca636a4f7d426d193326f9f3149d9c3757321df1.torrent
c:\program files\BitComet\archive\cade9ccf234a62823464d9f4a98480a8a4c45243.torrent
c:\program files\BitComet\archive\cb6c5631eadadb9229ac8fc9bb86b1e9ca47e0b4.torrent
c:\program files\BitComet\archive\cb7def5779ce98eaeb252f9e6cd1a14962342297.torrent
c:\program files\BitComet\archive\cb9e993a0070b77d498327c6c8a0501ce576b30d.torrent
c:\program files\BitComet\archive\ce21853dd109301032e553c6fe69d63f2871f564.torrent
c:\program files\BitComet\archive\ceea885a0e16cb5d1c8f67e7f7a31cd2a17b469f.torrent
c:\program files\BitComet\archive\cfe352e41745db77fe54ab02abf9ccd0b27efd8a.torrent
c:\program files\BitComet\archive\cfed30642af4bc088a7d3e6b02cfd69328f7abef.torrent
c:\program files\BitComet\archive\d05c49ee62c1eedfab146fd0a910d4b6f4659360.torrent
c:\program files\BitComet\archive\d1836f3938d609c6583b4333eff19ec925cc9dfc.torrent
c:\program files\BitComet\archive\d2939789c9bedd10aff5ef129aca7949e3557320.torrent
c:\program files\BitComet\archive\d3832ee96fc79585a28b9a6332290268f33baad0.torrent
c:\program files\BitComet\archive\d4ce3d39ba014d0d1a8079b139406de95d668a37.torrent
c:\program files\BitComet\archive\d513334afecf25941a3413c979ec8a42a19a4ae9.torrent
c:\program files\BitComet\archive\d60968291c64a4e9f2fa0938e9a37cb258419461.torrent
c:\program files\BitComet\archive\d61a2d20de9c3312feb84d4d5e07d6fd7e3c5689.torrent
c:\program files\BitComet\archive\d642db11e5162784a588223b3e5be1190ea4a1e8.torrent
c:\program files\BitComet\archive\d6ff702f41d8f7a085cacb6dda856ad37c47dfbd.torrent
c:\program files\BitComet\archive\d819a23721a8e7f56e862342352dbd5212500a7c.torrent
c:\program files\BitComet\archive\d93ff1e727cad28624c436113c2aaef1b450e922.torrent
c:\program files\BitComet\archive\d98fdec20dd853a9eaf25eb182e7dd3aff916a67.torrent
c:\program files\BitComet\archive\da968fc6506cb26a74090050618f9913595fe518.torrent
c:\program files\BitComet\archive\dabdff3d7d49b3e43a5a17c956238bdb38010b6c.torrent
c:\program files\BitComet\archive\dbcc9aa4eaf6648621df6463637ef0a5549d3f2e.torrent
c:\program files\BitComet\archive\dbe293ededb444e89eb88532600054b66027edd2.torrent
c:\program files\BitComet\archive\dbf537e917876c816a5532f8a6b4ea9915ffbc18.torrent
c:\program files\BitComet\archive\dc76d62875cb13b0f29be7e8726c2a36b5599369.torrent
c:\program files\BitComet\archive\dcbc3b20139c0c44dc410682ed991a11e56e9a2d.torrent
c:\program files\BitComet\archive\dd9f6ea5ee2aa19501885881152694309c682948.torrent
c:\program files\BitComet\archive\de831b4855158e017672446d6ac8ee48a39f8ea6.torrent
c:\program files\BitComet\archive\df16135bde47a86c9270d2df50f1d2e9e9639931.torrent
c:\program files\BitComet\archive\df41dfa23c15211b6825b06591dc92fe41c3ba02.torrent
c:\program files\BitComet\archive\dfc34c2e7e01892612b7a0c436f5456f6b3a3ee0.torrent
c:\program files\BitComet\archive\e00c65bae2b560b0d68d3b2ad7839248ab7af3fc.torrent
c:\program files\BitComet\archive\e0f29a68a5bc0fc6e3c034606386e6c6c65e1c17.torrent
c:\program files\BitComet\archive\e15c7b5ab23e41de8fd77e5ceb1495c7a989b383.torrent
c:\program files\BitComet\archive\e17555720788a4dc49c3784ef88816c27c4e8bb5.torrent
c:\program files\BitComet\archive\e1770a05c539397d2f254050449219aacacd3962.torrent
c:\program files\BitComet\archive\e1dcea6eca4fa80c0d77d73404bb95ef6b811fab.torrent
c:\program files\BitComet\archive\e244fa78bf6b5146ebdd1ffc8c21f27666bfd37d.torrent
c:\program files\BitComet\archive\e2b91de119343f4f86cba1061c2500c10040b48b.torrent
c:\program files\BitComet\archive\e417b9fd8a7ba08abd8c8a4f9be072d5bad63da5.torrent
c:\program files\BitComet\archive\e447c4e6cb226d525fcc246329604c3b5f707d12.torrent
c:\program files\BitComet\archive\e4e25ed91077c4313fb95da8c78b6baa9b6d249b.torrent
c:\program files\BitComet\archive\e519ff770617379d7b5fde7b395234a74ca572e7.torrent
c:\program files\BitComet\archive\e523a7412b5fbe369e5211b6152179d0dc893bb5.torrent
c:\program files\BitComet\archive\e576aeef115eb3d06177213d73225966f425cc3f.torrent
c:\program files\BitComet\archive\e59ca3f74e4fdddd5da906d8293b7087867e6c53.torrent
c:\program files\BitComet\archive\e6defd4844dbfc9c41141e72a31cfe14f0930a5d.torrent
c:\program files\BitComet\archive\e77c14a6ec15c4757d3065ce775af6e4e670a78d.torrent
c:\program files\BitComet\archive\e7d8e7ca536e8ad3c619d441f68345ab8454b8e9.torrent
c:\program files\BitComet\archive\e849f1903eda169fe8d0f98998afdf324de81f77.torrent
c:\program files\BitComet\archive\e85121d494a3816343aeb1d353d23acc13a5f30f.torrent
c:\program files\BitComet\archive\e86d5d1d454f09094ef72d0421cfe25a01655cd4.torrent
c:\program files\BitComet\archive\e8c71c94128b03244c44b776b261f71982b2fb38.torrent
c:\program files\BitComet\archive\e9c8e4726373a9b5f2fb872ee2306ee83f587316.torrent
c:\program files\BitComet\archive\ebc0ebf0433777918b30f741ba8c710facba2931.torrent
c:\program files\BitComet\archive\ed70dde3e4e2bf796d8bd914a566cdee76c86e18.torrent
c:\program files\BitComet\archive\edc3271b33a44ac942ad9aa368fb72033aabb969.torrent
c:\program files\BitComet\archive\ee95e975d0a3fff3e6f82e4d84cab9277f481f53.torrent
c:\program files\BitComet\archive\ef0faebe72f5db064b3aa96cf0debc3257da8e65.torrent
c:\program files\BitComet\archive\ef372b594b478413c16ff7b865149051679bd34e.torrent
c:\program files\BitComet\archive\efea99c4ca60a9cbae90e227bf3c01d652416af7.torrent
c:\program files\BitComet\archive\f04f6fd439dbababdf66f9796e9d5543f778864e.torrent
c:\program files\BitComet\archive\f0886464a8db05dc0d8ea73ef15014ff6e954d53.torrent
c:\program files\BitComet\archive\f0c15c27982d1ddfc9b0f5f8e5f238ed11e55ee7.torrent
c:\program files\BitComet\archive\f0e8162803162df7c5710c1e02874d0aa2bf4cf6.torrent
c:\program files\BitComet\archive\f1361ce091d34a4db78619fa701c67cabcdec6e8.torrent
c:\program files\BitComet\archive\f1f881b711e19b42724ba0a91e0fb8bcab1ac448.torrent
c:\program files\BitComet\archive\f2597d440a11cb65ba7f09f412dce39b61e0633f.torrent
c:\program files\BitComet\archive\f2a7b58b90a0defca9dbf707148a44f25460de01.torrent
c:\program files\BitComet\archive\f2d25b164b70da926042cb1dde50fba35259ce1c.torrent
c:\program files\BitComet\archive\f2ecd4c34e9e22dc85c9e043433c572800ba1d20.torrent
c:\program files\BitComet\archive\f36f341721bbf3957375382c262cc73cb26cf348.torrent
c:\program files\BitComet\archive\f67e2a7e84762a15e0a25846c52048f4ca024219.torrent
c:\program files\BitComet\archive\f6fbb11e37a8367f51be30dc2c8ed9c10483670e.torrent
c:\program files\BitComet\archive\f7f2249a4a2ac68e1f97863d53018fefd1c0cc43.torrent
c:\program files\BitComet\archive\f7f5455ebe24806be63470de0214eeb83671ee3c.torrent
c:\program files\BitComet\archive\f8bbb1652f5b96f0680d897219eea03296f08fb6.torrent
c:\program files\BitComet\archive\f9ba23d75306b067bfdc048bb8ded1f91f224a21.torrent
c:\program files\BitComet\archive\fa2cf17a2d7769d9dd54f33e900829a0c5f70913.torrent
c:\program files\BitComet\archive\fab3c31bf9b888663881557d969f42b6482c39c0.torrent
c:\program files\BitComet\archive\fb3311b8ae9349cc7568171d51670ac7c69cec86.torrent
c:\program files\BitComet\archive\fb548da227aba0fe62912f654a56bac2b8a2e9b3.torrent
c:\program files\BitComet\archive\fcc5a1f8a1877397f8846f729e47d63ed98dfc13.torrent
c:\program files\BitComet\archive\fe747dbae81b5c9609f0d3425537b609b8fe73a2.torrent
c:\program files\BitComet\archive\fef3ca88df2950a31d30942d3b09cd1748911067.torrent
c:\program files\BitComet\archive\ff08a15a2ceb5f0f2f2b4613ea2b927f87ff1256.torrent
c:\program files\BitComet\archive\ffdcb4adcb46a02308f08145174dcb09e6bad358.torrent
c:\program files\BitComet\archive\my_history.xml
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.20100811.bak
c:\program files\BitComet\Downloads.xml.20100814.bak
c:\program files\BitComet\Downloads.xml.20100816.bak
c:\program files\BitComet\Downloads.xml.20100817.bak
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\share\83de52c086559738cc90863de5139dae15947851.torrent
c:\program files\BitComet\share\863b40419d9ebdba44b8e456ede81cd09cb03b2d.torrent
c:\program files\BitComet\share\9332554f019b78d8a93ee6f73eee66d71d84837d.torrent
c:\program files\BitComet\share\b6f70b63963882282027fb5464524ef1be791d6c.torrent
c:\program files\BitComet\share\f2ecd4c34e9e22dc85c9e043433c572800ba1d20.torrent
c:\program files\BitComet\share\f9ba23d75306b067bfdc048bb8ded1f91f224a21.torrent
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\torrents\Date Night[2010][Unrated Edition]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\torrents\Date Night[2010][Unrated Edition]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\torrents\Entourage.S07E03.Dramedy.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Entourage.S07E03.Dramedy.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Entourage.S07E04.HDTV.XviD-XII.avi.torrent
c:\program files\BitComet\torrents\Entourage.S07E04.HDTV.XviD-XII.avi.xml
c:\program files\BitComet\torrents\Entourage.S07E05.Bottoms.Up.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Entourage.S07E05.Bottoms.Up.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Entourage.S07E06.HDTV.XviD-NoTV.avi.torrent
c:\program files\BitComet\torrents\Entourage.S07E06.HDTV.XviD-NoTV.avi.xml
c:\program files\BitComet\torrents\Entourage.S07E07.Tequila.and.Coke.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Entourage.S07E07.Tequila.and.Coke.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\GHOST DOG - Soundtrack.torrent
c:\program files\BitComet\torrents\GHOST DOG - Soundtrack[0].torrent
c:\program files\BitComet\torrents\GHOST DOG - Soundtrack[1].torrent
c:\program files\BitComet\torrents\GHOST DOG - Soundtrack[1].xml
c:\program files\BitComet\torrents\Ghost.Dog-The.Way.Of.The.Samurai.1CD.2000.Soundtrack.[WmC].torrent
c:\program files\BitComet\torrents\Ghost.Dog-The.Way.Of.The.Samurai.1CD.2000.Soundtrack.[WmC].xml
c:\program files\BitComet\torrents\Hung.S02E03.HDTV.XviD-NoTV.avi.torrent
c:\program files\BitComet\torrents\Hung.S02E03.HDTV.XviD-NoTV.avi.xml
c:\program files\BitComet\torrents\Hung.S02E04.Sing.it.Again.Ray.or.Home.Plate.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Hung.S02E04.Sing.it.Again.Ray.or.Home.Plate.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Hung.S02E05.A.Man.A.Plan.or.Thank.You.Jimmy.Carter.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Hung.S02E05.A.Man.A.Plan.or.Thank.You.Jimmy.Carter.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Hung.S02E06.HDTV.XviD-NoTV.avi.torrent
c:\program files\BitComet\torrents\Hung.S02E06.HDTV.XviD-NoTV.avi.xml
c:\program files\BitComet\torrents\Hung.S02E07.The.Middle.East.Is.Complicated.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\Hung.S02E07.The.Middle.East.Is.Complicated.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Iron Man 2 TS XViD - IMAGiNE [NO-RAR] - [ www.torrentday.com ].torrent
c:\program files\BitComet\torrents\Iron Man 2 TS XViD - IMAGiNE [NO-RAR] - [ www.torrentday.com ].xml
c:\program files\BitComet\torrents\Massage.Creep.-.Heather.Summers.torrent
c:\program files\BitComet\torrents\Playboy - June 2010.torrent
c:\program files\BitComet\torrents\Repo.Men.2010.uNRATED.DvDRip.AC3 5.1-FxM.torrent
c:\program files\BitComet\torrents\Repo.Men.2010.uNRATED.DvDRip.AC3 5.1-FxM.xml
c:\program files\BitComet\torrents\The Ghost Writer[2010]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\torrents\The Ghost Writer[2010]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\torrents\The.Boondocks.S03E12.HDTV.XviD-2HD.avi.torrent
c:\program files\BitComet\torrents\The.Boondocks.S03E12.HDTV.XviD-2HD.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E04.9.Crimes.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E04.9.Crimes.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E05.Trouble.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E05.Trouble.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E06.I.Got.a.Right.to.Sing.the.Blues.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E06.I.Got.a.Right.to.Sing.the.Blues.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E07.Hitting.the.Ground.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E07.Hitting.the.Ground.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E08.HDTV.XviD-NoTV.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E08.HDTV.XviD-NoTV.avi.xml
c:\program files\BitComet\torrents\True.Blood.S03E09.Everything.is.Broken.HDTV.XviD-FQM.avi.torrent
c:\program files\BitComet\torrents\True.Blood.S03E09.Everything.is.Broken.HDTV.XviD-FQM.avi.xml
c:\program files\BitComet\torrents\Weeds.S06E01.DVDRip.PreAir.XviD-BuRN.avi.torrent
c:\program files\BitComet\torrents\Weeds.S06E01.DVDRip.PreAir.XviD-BuRN.avi.xml
c:\program files\BitComet\torrents\Youth.In.Revolt.DVDRip.XviD-ARROW.torrent
c:\program files\BitComet\torrents\Youth.In.Revolt.DVDRip.XviD-ARROW.xml
c:\windows\Cmehukuhoxaj.bin
c:\windows\kbdbgsi.dll
c:\windows\Ocawinuyozew.dat
c:\windows\system32\3B38C503.exe
c:\windows\uqedehipenoxok.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_3B38C503
-------\Service_3B38C503


((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 00:20 . 2010-08-17 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-16 22:20 . 2010-08-16 22:20 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\{116E1CDE-1499-4068-BEE3-3C0DB2E07A0D}
2010-08-16 22:07 . 2010-08-16 22:20 -------- d-----w- C:\RECYCLER(2)
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-08-08 22:18 . 2010-08-09 21:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
2010-08-07 23:23 . 2010-08-15 20:15 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 04:59 . 2010-08-01 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 00:15 . 2010-07-28 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 23:28 . 2010-07-26 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-26 21:27 . 2010-07-26 21:27 -------- d-----w- c:\documents and settings\Waqar\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:08 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
2010-07-26 21:06 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
2010-07-26 21:06 . 2010-08-17 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 09:22 . 2006-02-28 12:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-08-12 02:25 . 2009-10-27 00:12 -------- d-----w- c:\documents and settings\Waqar\Application Data\Oply
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\program files\iTunes
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 01:57 . 2010-07-01 01:57 -------- d-----w- c:\program files\iPod
2010-07-01 01:57 . 2009-07-17 03:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-01 01:54 . 2010-01-03 02:52 -------- d-----w- c:\program files\QuickTime
2010-07-01 01:51 . 2010-07-01 01:51 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:45 . 2010-07-01 01:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-07-17 02:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-22 19:35 . 2010-05-22 19:35 503808 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcp71.dll
2010-05-22 19:35 . 2010-05-22 19:35 499712 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\jmc.dll
2010-05-22 19:35 . 2010-05-22 19:35 348160 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcr71.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\Update ----


---- Directory of c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc ----


---- Directory of c:\documents and settings\Waqar\Application Data\Oply ----

2010-08-12 02:25 . 2010-08-16 04:04 515161 ----a-w- c:\documents and settings\Waqar\Application Data\Oply\zegae.ehz
2010-08-12 01:54 . 2010-08-12 02:10 21900 ----a-w- c:\documents and settings\Waqar\Application Data\Oply\zegae.tmp

---- Directory of c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf ----


---- Directory of c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk ----



((((((((((((((((((((((((((((( SnapShot@2010-08-16_05.06.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-16 22:20 . 2010-08-17 00:20 13256 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2008-04-14 00:12 34699 c:\windows\system32\hlp.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-08-16 05:26 . 2010-08-16 05:26 811008 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Waqar\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 18:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\AGRSMMSG.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-17 18:14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 22:14
ComboFix2.txt 2010-08-17 05:33
ComboFix3.txt 2010-08-17 03:19
ComboFix4.txt 2010-08-16 05:34
ComboFix5.txt 2010-08-17 22:01

Pre-Run: 141,942,284,288 bytes free
Post-Run: 141,933,555,712 bytes free

- - End Of File - - 919B121A221BD0EED9FEF9F3DA87F964

Run by Waqar at 18:17:43.59 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.297 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247800031515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\waqar\applic~1\mozilla\firefox\profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\waqar\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-08-17 00:20:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-16 22:07:21 0 d-----w- C:\RECYCLER(2)
2010-08-16 04:43:45 0 d-sha-r- C:\cmdcons
2010-08-16 04:38:07 98816 ----a-w- c:\windows\sed.exe
2010-08-16 04:38:07 77312 ----a-w- c:\windows\MBR.exe
2010-08-16 04:38:07 256512 ----a-w- c:\windows\PEV.exe
2010-08-16 04:38:07 161792 ----a-w- c:\windows\SWREG.exe
2010-07-26 21:27:20 0 d-----w- c:\docume~1\waqar\applic~1\Malwarebytes
2010-07-26 21:26:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:26:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 21:06:38 5 ----a-w- C:\zrpt.xml
2010-07-26 21:06:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

==================== Find3M ====================

2010-08-12 09:22:52 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 18:17:52.01 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 10:37:12 PM
System Uptime: 8/17/2010 6:10:51 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 132.2 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WinpkFilter Miniport
Device ID: ROOT\NT_NDISRDMP\0000
Manufacturer: NTKR
Name: Intel(R) PRO/100 VE Network Connection - WinpkFilter Miniport
PNP Device ID: ROOT\NT_NDISRDMP\0000
Service: Ndisrd

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WinpkFilter Miniport
Device ID: ROOT\NT_NDISRDMP\0001
Manufacturer: NTKR
Name: WAN Miniport (IP) - WinpkFilter Miniport
PNP Device ID: ROOT\NT_NDISRDMP\0001
Service: Ndisrd

==== System Restore Points ===================

RP1: 8/16/2010 7:56:25 PM - System Checkpoint
RP2: 8/16/2010 8:19:58 PM - Restore Operation

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Agere Systems AC'97 Modem
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
Free RAR Extract Frog 1.00
H.264 Decoder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.11)
MSN
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
thriXXX 3DSexVilla2-084.001
thriXXX WebLaunch
Times Reader
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/17/2010 8:15:26 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The specified driver is invalid.
8/17/2010 8:15:26 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The specified driver is invalid.
8/17/2010 8:15:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip
8/17/2010 8:15:22 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
8/17/2010 8:15:22 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 8:15:22 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 8:15:22 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 8:15:22 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 8:15:22 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2010 8:13:29 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
8/17/2010 12:53:12 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.
8/17/2010 12:53:12 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2010 1:16:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Tcpip
8/17/2010 1:14:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

I have posted new ComboFix, DDS, and Attach logs. I couldn't run the Kaspersky scanner because the Internet connection on my computer has been cut off. I can't access Mozilla or IE. Any suggestions on what to do about the Internet connection?

I appreciate the help.

Hi,

Does your device manager have any items with exclamation marks listed there?

Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\Waqar\Application Data\Oply
File::
C:\zrpt.xml



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

ComboFix 10-08-15.01 - Waqar 08/18/2010 1:05.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.321 [GMT -4:00]
Running from: c:\documents and settings\Waqar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waqar\Desktop\CFScript.txt

FILE ::
"C:\zrpt.xml"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
c:\documents and settings\Waqar\Application Data\Oply
c:\documents and settings\Waqar\Application Data\Oply\zegae.ehz
c:\documents and settings\Waqar\Application Data\Oply\zegae.tmp
c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
C:\zrpt.xml

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-17 00:20 . 2010-08-17 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-16 22:20 . 2010-08-16 22:20 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\{116E1CDE-1499-4068-BEE3-3C0DB2E07A0D}
2010-08-16 22:07 . 2010-08-16 22:20 -------- d-----w- C:\RECYCLER(2)
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-08-07 23:23 . 2010-08-15 20:15 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 04:59 . 2010-08-01 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 00:15 . 2010-07-28 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 23:28 . 2010-07-26 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-26 21:27 . 2010-07-26 21:27 -------- d-----w- c:\documents and settings\Waqar\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 09:22 . 2006-02-28 12:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\program files\iTunes
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 01:57 . 2010-07-01 01:57 -------- d-----w- c:\program files\iPod
2010-07-01 01:57 . 2009-07-17 03:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-01 01:54 . 2010-01-03 02:52 -------- d-----w- c:\program files\QuickTime
2010-07-01 01:51 . 2010-07-01 01:51 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:45 . 2010-07-01 01:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-07-17 02:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-22 19:35 . 2010-05-22 19:35 503808 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcp71.dll
2010-05-22 19:35 . 2010-05-22 19:35 499712 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\jmc.dll
2010-05-22 19:35 . 2010-05-22 19:35 348160 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcr71.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 . 0969330117EF0858059D1284566D13B5 . 361600 . . [------] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-16_05.06.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-17 22:34 . 2010-08-17 22:34 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2010-08-16 22:20 . 2010-08-17 00:20 13256 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2008-04-14 00:12 34699 c:\windows\system32\hlp.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-17 02:38 . 2010-08-16 23:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-17 02:38 . 2009-07-17 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-08-16 05:26 . 2010-08-16 05:26 811008 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Waqar\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 01:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-18 01:11:16
ComboFix-quarantined-files.txt 2010-08-18 05:11
ComboFix2.txt 2010-08-17 22:14
ComboFix3.txt 2010-08-17 05:33
ComboFix4.txt 2010-08-17 03:19
ComboFix5.txt 2010-08-18 05:04

Pre-Run: 141,929,349,120 bytes free
Post-Run: 141,920,854,016 bytes free

- - End Of File - - CCED5648FD10ADF88D277DEF86662AF4

Posted the new resultant log from ComboFix. Also, my device manager shows two items with exclamation marks:

-Intel(R) PRO/100 VE Network Connection - WinpkFilter Miniport
-WAN Miniport (IP) - WinpkFilter Miniport

What does properties window (right click the items and select properties) show for those?

For the first one:

Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Click Troubleshoot to start the troubleshooter for this device.

For the second one:

Same thing.

Hi,

Try to select uninstall option for both of those and reboot the system.

The computer won't let me uninstall either of those two items. A message pops up saying, "Failed to uninstall the device. The device may be required to boot up the computer."

Does it let you to disable those?

There is an option for disabling them. Should I go ahead and do that?

Please try that.

Okay, I disabled both items and there is now a red X next to each one of them. Please inform me of the next step. Thanks for helping, by the way.

Reboot and see if you're able to access the net.

Rebooted and tried again. Doesn't work.

Hi,

Go to control panel->network connections and open your network connection there.
In its connection status window click properties.
Uncheck WinpkFilter Miniport and uninstall it.
Reboot and see if problem still exist (run WinsockXP if needed).

Hi,

Followed your instructions, unchecked WinpkFilter Driver, uninstalled it, and rebooted. Still no Internet connection.

Then tried WinsockXP from my flash drive. Ran it, rebooted. Still no Internet connection.

Does the device manager still show exclamation marked items? Please try to uninstall your network card via device manager (it should be installed again after reboot).

No, there are no items with exclamation marks in the Device Manager. The two items with the exclamation marks from before are not even listed anymore.

Could you please provide more details on uninstalling my network card? Not sure what to do here.

In device manager network adapters section you should see your network adapter. Right click it->uninstall and have a reboot. System should detect the card again.

Okay, I know this is probably really simple but under the Network adapters section, I see two items: 1) 1394 Net Adapter, and 2) Intel(R) PRO/100 VE Network Connection.

Which is the one I should uninstall?

Intel(R) PRO/100 VE Network Connection

Tried it, still no luck.

By the way, when I rebooted the computer, the card was recognized as new hardware but when I open network connection, the original connection is no longer listed.

Does the device manager show any network adapters/devices with exclamation mark? You may have to install network card drivers (those are usually bundled with computer on a cd/dvd).

The device manager shows nothing with an exclamation mark.

I don't have the CD that came with my computer. My computer is about six years old so I lost all packages that came with it.

I tried downloading the Intel(R) PRO/100 VE network driver from another computer and use a flash drive to run the driver on mine. I ran it and the problem still exists.

Do you think my computer is just too old and broken?

Okay, after hours of working on the problem, I finally got the Internet back up. The trick was downloading WinSockFix from a website other than the one I got it from before.

My computer seems to run smoothly. Any other steps?

Good to hear that connection works now :)


Any other steps?
Yes, I'd still like to see if Kaspersky scanner finds anything. Post back the report + fresh dds log.

Still there?

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.

Thank you Blade81. :)