Hey guys, I've been battling this issue for a few days and eventually resorted to a factory restore on my Samsung N120 netbook running Windows XP but even that hasn't fixed the problem. So here I am, looking for help to finally free my computer of whatever has infected it.

I've looked at the FAQ's and here is my DDS log...

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Boro at 19:31:27.98 on 11/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1507 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k yksvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boro\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BatteryLifeExtender] c:\program files\samsung\batterylifeextender\BatteryLifeExtender.exe /2
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\boro\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackGround.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302470911287
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\boro\applic~1\mozilla\firefox\profiles\tj61wuhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\boro\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-3-24 4300]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\srs labs\wowxt and tsxt driver\SRS_PostInstaller2.exe [2009-2-19 74992]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-3-24 14336]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-24 238464]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2009-2-19 25560]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-24 1684736]
.
=============== Created Last 30 ================
.
2011-04-11 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-11 17:22:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-10 22:10:04 -------- d-----w- c:\docume~1\boro\applic~1\KompoZer
2011-04-10 22:03:55 -------- d-----w- c:\docume~1\boro\applic~1\CoreFTP
2011-04-10 22:03:28 -------- d-----w- c:\program files\CoreFTP
2011-04-10 21:51:54 -------- d-sh--w- c:\documents and settings\boro\PrivacIE
2011-04-10 21:51:22 -------- d-sh--w- c:\documents and settings\boro\IETldCache
2011-04-10 21:47:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-04-10 21:46:55 -------- dc-h--w- c:\windows\ie8
2011-04-10 21:33:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 21:33:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-10 21:32:05 885024 ----a-w- c:\program files\JavaSetup6u24.exe
2011-04-10 21:23:01 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Temp
2011-04-10 21:22:58 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Google
2011-04-10 21:22:44 568704 ----a-w- c:\program files\ChromeSetup.exe
2011-04-10 21:16:28 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Identities
2011-04-10 21:09:26 -------- d-----w- c:\program files\Marvell
2011-04-10 21:07:53 -------- d-----w- c:\docume~1\boro\applic~1\MSNInstaller
2011-04-10 21:04:36 -------- d-----w- c:\windows\system32\LogFiles
2011-04-10 20:39:55 -------- d-sh--w- c:\documents and settings\boro\UserData
2011-04-10 20:34:52 -------- d-----w- c:\documents and settings\boro\Bluetooth Software
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543216L9A300 rev.FB2OC4CC -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B26439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b2c7d0]; MOV EAX, [0x89b2c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x89BA6AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000060[0x89BFD1E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E1397] -> [0x89BA7D98]
\Driver\atapi[0x89BFB240] -> IRP_MJ_CREATE -> 0x89B26439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; CLD ; REP MOVSW ; JMP FAR 0x60:0x1b; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS543216L9A300_________________FB2OC4CC#39303430313142463238303043564c4534304144#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B2627F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:33:30.95 ===============

Attached attach zip file

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Reply to this thread only by using the SUBMIT REPLY and please do not start any new topics.


Your infected with a rootkit :red:

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.






Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrscan.gif
Click the "Scan" button to start scan


http://i1224.photobucket.com/albums/ee362/Essexboy3/aswmbrsavelog.gif
On completion of the scan click save log, save it to your desktop and post in your next reply

I've had to attach them as the character count was too long...

At this point, I should point out that I have downloaded and run a few programs in order to try and make my machine useable between my original post and now.

OTL logfile created on: 13/04/2011 17:52:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Boro\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 61.70 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.91 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

Computer Name: HURLEY | User Name: Boro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Boro\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
PRC - C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Boro\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (yksvc) -- C:\WINDOWS\system32\yk51x86.dll (Marvell)
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/11 23:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/10 22:41:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/10 22:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Extensions
[2011/04/11 22:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Firefox\Profiles\tj61wuhw.default\extensions
[2011/04/11 22:57:19 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Firefox\Profiles\tj61wuhw.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/04/10 22:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/18 18:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/11 22:16:56 | 000,431,550 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302553098250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302470911287 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\dotnet3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/24 23:28:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/12 18:44:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/12 18:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/04/12 18:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Paint.NET
[2011/04/12 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/04/12 18:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2011/04/12 18:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/04/12 18:30:43 | 000,000,000 | RH-D | C] -- C:\AHCache
[2011/04/11 23:55:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/11 23:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/11 23:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Avira
[2011/04/11 23:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/11 23:12:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/11 23:12:57 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/11 23:12:57 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/11 23:12:57 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/11 23:12:57 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/11 23:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/11 23:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/11 23:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Malwarebytes
[2011/04/11 23:11:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/11 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/11 23:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/11 23:10:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/11 23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/11 22:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\ForceField Shared Files
[2011/04/11 22:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\CheckPoint
[2011/04/11 22:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/04/11 22:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Conduit
[2011/04/11 22:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\ZoneAlarm_Security
[2011/04/11 22:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/04/11 22:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/04/11 22:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/04/11 22:56:50 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/04/11 22:56:47 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/04/11 22:56:47 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/04/11 22:56:39 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/04/11 22:56:39 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/04/11 22:56:39 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/04/11 22:56:38 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/04/11 22:56:38 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/04/11 22:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/04/11 22:56:36 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/04/11 22:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/04/11 22:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/04/11 22:55:34 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/04/11 22:55:34 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/04/11 22:55:34 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/04/11 22:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/11 22:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/11 22:14:09 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2011/04/11 22:14:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/04/11 22:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/11 22:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/11 21:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/11 21:53:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/04/11 21:53:49 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/04/11 21:53:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/11 21:53:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/04/11 21:44:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011/04/11 21:43:13 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/04/11 21:38:11 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/04/11 21:38:10 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/04/11 21:38:10 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/04/11 21:24:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/04/11 21:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/04/11 21:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/04/11 21:18:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2011/04/11 21:18:52 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/04/11 21:18:51 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/04/11 21:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/04/11 21:09:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/11 21:08:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/11 21:08:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/11 21:08:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/11 21:08:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/11 21:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/11 19:38:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/11 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/11 19:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/11 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/11 18:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/11 18:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/10 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\KompoZer
[2011/04/10 23:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\WEBSITES
[2011/04/10 23:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\CoreFTP
[2011/04/10 23:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2011/04/10 23:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Start Menu\Programs\Core FTP
[2011/04/10 22:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\Downloads
[2011/04/10 22:51:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\PrivacIE
[2011/04/10 22:51:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\IETldCache
[2011/04/10 22:47:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/04/10 22:47:41 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/04/10 22:46:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/10 22:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Mozilla
[2011/04/10 22:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Mozilla
[2011/04/10 22:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/10 22:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Macromedia
[2011/04/10 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/10 22:33:37 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/10 22:33:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/10 22:33:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/10 22:33:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/10 22:33:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/10 22:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Sun
[2011/04/10 22:32:05 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u24.exe
[2011/04/10 22:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/10 22:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/04/10 22:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/10 22:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Start Menu\Programs\Google Chrome
[2011/04/10 22:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Temp
[2011/04/10 22:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Google
[2011/04/10 22:22:44 | 000,568,704 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2011/04/10 22:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Identities
[2011/04/10 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/04/10 22:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\MSNInstaller
[2011/04/10 22:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/04/10 21:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/10 21:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/10 21:39:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\UserData
[2011/04/10 21:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/04/10 21:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Bluetooth Software
[2011/04/10 21:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\Bluetooth Exchange Folder
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/12 20:28:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005UA.job
[2011/04/12 18:45:19 | 000,041,771 | ---- | M] () -- C:\Documents and Settings\Boro\My Documents\wedding-banner.jpg
[2011/04/12 18:35:02 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/04/12 18:34:06 | 000,390,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 18:34:06 | 000,049,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 17:40:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 17:40:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 23:13:23 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/11 23:11:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 22:58:12 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/04/11 22:56:52 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/11 22:56:52 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\ZoneAlarm Security.lnk
[2011/04/11 22:43:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 22:27:01 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005Core.job
[2011/04/11 22:25:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/11 22:16:56 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/11 22:14:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\SpywareBlaster.lnk
[2011/04/11 22:06:53 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/11 21:23:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 21:09:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/11 20:30:35 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Boro\My Documents\Attach.zip
[2011/04/11 20:24:56 | 004,318,945 | R--- | M] () -- C:\Documents and Settings\Boro\Desktop\ComboFix.exe
[2011/04/11 19:38:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 19:38:08 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\NTREGOPT.lnk
[2011/04/11 19:38:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\ERUNT.lnk
[2011/04/11 18:52:46 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110411-221656.backup
[2011/04/11 18:22:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/11 18:22:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Spybot - Search & Destroy.lnk
[2011/04/10 23:03:29 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Core FTP LE.lnk
[2011/04/10 22:56:17 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Kompozer.lnk
[2011/04/10 22:51:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/10 22:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/10 22:41:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/10 22:41:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/10 22:33:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/10 22:33:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/10 22:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/10 22:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/10 22:33:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/10 22:32:13 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u24.exe
[2011/04/10 22:24:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Google Chrome.lnk
[2011/04/10 22:24:28 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/10 22:22:56 | 000,568,704 | ---- | M] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2011/04/10 22:07:25 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/04/10 21:34:49 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\CyberLink YouCam.lnk
[2011/03/18 01:24:38 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/03/18 01:24:34 | 000,715,264 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/03/18 01:24:34 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/03/18 01:24:34 | 000,104,448 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/03/18 01:24:34 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/03/18 01:24:34 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/03/18 01:24:32 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/03/18 01:24:32 | 000,228,864 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/03/18 01:24:32 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/03/18 01:24:32 | 000,108,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/03/18 01:24:32 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/12 18:45:19 | 000,041,771 | ---- | C] () -- C:\Documents and Settings\Boro\My Documents\wedding-banner.jpg
[2011/04/12 18:35:02 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2011/04/12 18:35:02 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/04/12 18:33:53 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/11 23:13:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/11 23:11:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/11 22:56:52 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/11 22:56:52 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\ZoneAlarm Security.lnk
[2011/04/11 22:56:36 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/04/11 22:25:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/11 22:25:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/11 22:14:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\SpywareBlaster.lnk
[2011/04/11 21:09:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/11 21:09:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/11 21:08:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/11 21:08:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/11 21:08:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/11 21:08:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/11 21:08:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/11 20:30:35 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Boro\My Documents\Attach.zip
[2011/04/11 20:24:27 | 004,318,945 | R--- | C] () -- C:\Documents and Settings\Boro\Desktop\ComboFix.exe
[2011/04/11 19:38:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 19:38:08 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\NTREGOPT.lnk
[2011/04/11 19:38:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\ERUNT.lnk
[2011/04/11 18:22:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/11 18:22:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Spybot - Search & Destroy.lnk
[2011/04/10 23:03:28 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Core FTP LE.lnk
[2011/04/10 22:56:17 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Kompozer.lnk
[2011/04/10 22:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/10 22:41:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/10 22:41:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/10 22:41:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/10 22:24:28 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Google Chrome.lnk
[2011/04/10 22:24:28 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/10 22:23:00 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005UA.job
[2011/04/10 22:22:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005Core.job
[2011/04/10 22:07:25 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2009/08/01 18:33:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Boro_KBD.ini
[2009/04/17 11:39:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/24 23:54:02 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009/03/24 23:39:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/03/24 23:39:32 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/03/24 23:39:32 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/03/24 23:39:30 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/03/24 23:39:30 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/03/24 23:39:30 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/03/24 23:39:30 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/03/24 23:39:30 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/03/24 23:39:30 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/03/24 23:39:30 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/03/24 23:39:30 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/03/24 23:39:30 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/03/24 23:39:30 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/03/24 23:39:30 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/03/24 23:39:30 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/03/24 23:39:30 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/03/24 23:39:30 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/03/24 23:39:30 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/03/24 23:39:30 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/03/24 23:39:30 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/03/24 23:38:16 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/03/24 23:38:16 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/03/24 23:34:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/24 23:32:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009/03/24 23:32:08 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/03/24 23:30:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 23:26:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/24 21:28:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/24 21:27:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/24 21:27:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/24 21:27:53 | 000,390,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/24 21:27:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/24 21:27:53 | 000,049,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/24 21:27:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/24 21:27:53 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/24 21:27:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/24 21:27:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/24 21:27:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/24 21:27:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/24 21:27:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/24 15:20:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/24 15:19:53 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/19 05:08:50 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2009/02/19 05:08:48 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2009/02/19 05:08:46 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2008/09/17 14:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 01:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/01 18:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/04/11 06:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinClon
[2009/03/24 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2011/04/11 22:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\CheckPoint
[2011/04/13 17:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\CoreFTP
[2011/04/10 23:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\KompoZer
[2011/04/10 22:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\MSNInstaller

========== Purity Check ==========



< End of report >

What exactly did you do ? Your DDS log showed you where infected with a Rootkit but your aswMBR does not.

I ran TDSS Killer and Combofix, ran Spybot S&D and Avira AV, then updated windows.

Well , looks like you did ok, but have to warn you that these tools you ran are constantly updated and sometimes a bug is detected that can damage a system, we are alerted to these bugs but the user is not, you may want to take some precaution in the future before you run any of these tools or you can wind up doing a format and reinstall.

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe







Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL



:Services

:Reg

:Files
ipconfig /flushdns /c
[2011/04/11 23:55:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW




:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.