
Thread: Another click.giftload problem, please help :-(

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Another click.giftload problem, please help :-(

    Hey guys, I've been battling this issue for a few days and eventually resorted to a factory restore on my Samsung N120 netbook running Windows XP but even that hasn't fixed the problem. So here I am, looking for help to finally free my computer of whatever has infected it.

    I've looked at the FAQs and here is my DDS log...

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Boro at 19:31:27.98 on 11/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1507 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k yksvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
    C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Boro\My Documents\Downloads\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [BatteryLifeExtender] c:\program files\samsung\batterylifeextender\BatteryLifeExtender.exe /2
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Google Update] "c:\documents and settings\boro\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackGround.exe
    mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
    mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
    mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302470911287
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\boro\applic~1\mozilla\firefox\profiles\tj61wuhw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: c:\documents and settings\boro\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-3-24 4300]
    R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\srs labs\wowxt and tsxt driver\SRS_PostInstaller2.exe [2009-2-19 74992]
    R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-3-24 14336]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-3-24 238464]
    R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2009-2-19 25560]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-24 1684736]
    .
    =============== Created Last 30 ================
    .
    2011-04-11 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-11 17:22:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-04-10 22:10:04 -------- d-----w- c:\docume~1\boro\applic~1\KompoZer
    2011-04-10 22:03:55 -------- d-----w- c:\docume~1\boro\applic~1\CoreFTP
    2011-04-10 22:03:28 -------- d-----w- c:\program files\CoreFTP
    2011-04-10 21:51:54 -------- d-sh--w- c:\documents and settings\boro\PrivacIE
    2011-04-10 21:51:22 -------- d-sh--w- c:\documents and settings\boro\IETldCache
    2011-04-10 21:47:41 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-04-10 21:46:55 -------- dc-h--w- c:\windows\ie8
    2011-04-10 21:33:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-10 21:33:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-10 21:32:05 885024 ----a-w- c:\program files\JavaSetup6u24.exe
    2011-04-10 21:23:01 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Temp
    2011-04-10 21:22:58 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Google
    2011-04-10 21:22:44 568704 ----a-w- c:\program files\ChromeSetup.exe
    2011-04-10 21:16:28 -------- d-----w- c:\docume~1\boro\locals~1\applic~1\Identities
    2011-04-10 21:09:26 -------- d-----w- c:\program files\Marvell
    2011-04-10 21:07:53 -------- d-----w- c:\docume~1\boro\applic~1\MSNInstaller
    2011-04-10 21:04:36 -------- d-----w- c:\windows\system32\LogFiles
    2011-04-10 20:39:55 -------- d-sh--w- c:\documents and settings\boro\UserData
    2011-04-10 20:34:52 -------- d-----w- c:\documents and settings\boro\Bluetooth Software
    .
    ==================== Find3M ====================
    .
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_HTS543216L9A300 rev.FB2OC4CC -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B26439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b2c7d0]; MOV EAX, [0x89b2c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x89BA6AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000060[0x89BFD1E8]
    5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E1397] -> [0x89BA7D98]
    \Driver\atapi[0x89BFB240] -> IRP_MJ_CREATE -> 0x89B26439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; CLD ; REP MOVSW ; JMP FAR 0x60:0x1b; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS543216L9A300_________________FB2OC4CC#39303430313142463238303043564c4534304144#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89B2627F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 19:33:30.95 ===============

    Last edited by tashi; 2011-04-11 at 22:50. Reason: Merged two posts. :-)

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Reply to this thread only by using the SUBMIT REPLY and please do not start any new topics.


    You're infected with a rootkit.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.





    • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.
    • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    I've had to attach them as the character count was too long...

    At this point, I should point out that I have downloaded and run a few programs in order to try and make my machine useable between my original post and now.

    OTL logfile created on: 13/04/2011 17:52:12 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Boro\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.04 Gb Total Space | 61.70 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
    Drive D: | 72.00 Gb Total Space | 71.91 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

    Computer Name: HURLEY | User Name: Boro | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Boro\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
    PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe ()
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
    PRC - C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
    PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Boro\My Documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (McAfee SiteAdvisor Service) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
    SRV - (yksvc) -- C:\WINDOWS\system32\yk51x86.dll (Marvell)
    SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/04/11 23:17:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/10 22:41:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/04/10 22:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Extensions
    [2011/04/11 22:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Firefox\Profiles\tj61wuhw.default\extensions
    [2011/04/11 22:57:19 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Boro\Application Data\Mozilla\Firefox\Profiles\tj61wuhw.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    [2011/04/10 22:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/18 18:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/11 22:16:56 | 000,431,550 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 14880 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
    O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1302553098250 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1302470911287 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O27 - HKLM IFEO\dotnet3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnet3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnet3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx30SP1setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx30SP1setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx30SP1setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx35setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\dotnetfx3setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx20SP2_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx30SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx35_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O27 - HKLM IFEO\NetFx64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/24 23:28:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/12 18:44:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/12 18:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
    [2011/04/12 18:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Paint.NET
    [2011/04/12 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2011/04/12 18:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
    [2011/04/12 18:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2011/04/12 18:30:43 | 000,000,000 | RH-D | C] -- C:\AHCache
    [2011/04/11 23:55:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/04/11 23:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/04/11 23:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Avira
    [2011/04/11 23:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/04/11 23:12:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/04/11 23:12:57 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/04/11 23:12:57 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/04/11 23:12:57 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/04/11 23:12:57 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/04/11 23:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/04/11 23:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/04/11 23:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Malwarebytes
    [2011/04/11 23:11:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/11 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/11 23:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/11 23:10:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/11 23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/11 22:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\ForceField Shared Files
    [2011/04/11 22:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\CheckPoint
    [2011/04/11 22:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/04/11 22:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Conduit
    [2011/04/11 22:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\ZoneAlarm_Security
    [2011/04/11 22:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
    [2011/04/11 22:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2011/04/11 22:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
    [2011/04/11 22:56:50 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
    [2011/04/11 22:56:47 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
    [2011/04/11 22:56:47 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
    [2011/04/11 22:56:39 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
    [2011/04/11 22:56:39 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
    [2011/04/11 22:56:39 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
    [2011/04/11 22:56:38 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
    [2011/04/11 22:56:38 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
    [2011/04/11 22:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2011/04/11 22:56:36 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
    [2011/04/11 22:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2011/04/11 22:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2011/04/11 22:55:34 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
    [2011/04/11 22:55:34 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
    [2011/04/11 22:55:34 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
    [2011/04/11 22:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/04/11 22:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/04/11 22:14:09 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
    [2011/04/11 22:14:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
    [2011/04/11 22:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    [2011/04/11 22:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2011/04/11 21:57:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/04/11 21:53:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2011/04/11 21:53:49 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2011/04/11 21:53:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2011/04/11 21:53:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2011/04/11 21:44:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2011/04/11 21:43:13 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2011/04/11 21:38:11 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2011/04/11 21:38:10 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2011/04/11 21:38:10 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2011/04/11 21:24:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
    [2011/04/11 21:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/04/11 21:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011/04/11 21:18:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2011/04/11 21:18:52 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
    [2011/04/11 21:18:51 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2011/04/11 21:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/04/11 21:09:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/11 21:08:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/11 21:08:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/11 21:08:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/11 21:08:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/11 21:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/11 19:38:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/11 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/04/11 19:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/04/11 18:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/04/11 18:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/04/11 18:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/04/10 23:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\KompoZer
    [2011/04/10 23:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\WEBSITES
    [2011/04/10 23:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\CoreFTP
    [2011/04/10 23:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
    [2011/04/10 23:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Start Menu\Programs\Core FTP
    [2011/04/10 22:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\Downloads
    [2011/04/10 22:51:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\PrivacIE
    [2011/04/10 22:51:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\IETldCache
    [2011/04/10 22:47:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2011/04/10 22:47:41 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
    [2011/04/10 22:46:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/04/10 22:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Mozilla
    [2011/04/10 22:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Mozilla
    [2011/04/10 22:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/04/10 22:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Macromedia
    [2011/04/10 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/04/10 22:33:37 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/04/10 22:33:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/04/10 22:33:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/04/10 22:33:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/04/10 22:33:37 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/04/10 22:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\Sun
    [2011/04/10 22:32:05 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u24.exe
    [2011/04/10 22:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/04/10 22:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2011/04/10 22:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/04/10 22:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Start Menu\Programs\Google Chrome
    [2011/04/10 22:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Temp
    [2011/04/10 22:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Google
    [2011/04/10 22:22:44 | 000,568,704 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
    [2011/04/10 22:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Local Settings\Application Data\Identities
    [2011/04/10 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
    [2011/04/10 22:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Application Data\MSNInstaller
    [2011/04/10 22:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/04/10 21:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/04/10 21:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/04/10 21:39:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Boro\UserData
    [2011/04/10 21:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/04/10 21:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\Bluetooth Software
    [2011/04/10 21:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boro\My Documents\Bluetooth Exchange Folder
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/12 20:28:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005UA.job
    [2011/04/12 18:45:19 | 000,041,771 | ---- | M] () -- C:\Documents and Settings\Boro\My Documents\wedding-banner.jpg
    [2011/04/12 18:35:02 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
    [2011/04/12 18:34:06 | 000,390,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/12 18:34:06 | 000,049,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/12 17:40:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/12 17:40:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/11 23:13:23 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/11 23:11:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/11 22:58:12 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2011/04/11 22:56:52 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/04/11 22:56:52 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\ZoneAlarm Security.lnk
    [2011/04/11 22:43:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/11 22:27:01 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005Core.job
    [2011/04/11 22:25:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/04/11 22:16:56 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/11 22:14:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\SpywareBlaster.lnk
    [2011/04/11 22:06:53 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/11 21:23:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/11 21:09:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/11 20:30:35 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Boro\My Documents\Attach.zip
    [2011/04/11 20:24:56 | 004,318,945 | R--- | M] () -- C:\Documents and Settings\Boro\Desktop\ComboFix.exe
    [2011/04/11 19:38:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/04/11 19:38:08 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\NTREGOPT.lnk
    [2011/04/11 19:38:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\ERUNT.lnk
    [2011/04/11 18:52:46 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110411-221656.backup
    [2011/04/11 18:22:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/11 18:22:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/10 23:03:29 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Core FTP LE.lnk
    [2011/04/10 22:56:17 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Kompozer.lnk
    [2011/04/10 22:51:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/10 22:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2011/04/10 22:41:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/10 22:41:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/10 22:33:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/04/10 22:33:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/04/10 22:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/04/10 22:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/04/10 22:33:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/04/10 22:32:13 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u24.exe
    [2011/04/10 22:24:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\Google Chrome.lnk
    [2011/04/10 22:24:28 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/10 22:22:56 | 000,568,704 | ---- | M] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
    [2011/04/10 22:07:25 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
    [2011/04/10 21:34:49 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Boro\Desktop\CyberLink YouCam.lnk
    [2011/03/18 01:24:38 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
    [2011/03/18 01:24:34 | 000,715,264 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
    [2011/03/18 01:24:34 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
    [2011/03/18 01:24:34 | 000,104,448 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
    [2011/03/18 01:24:34 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
    [2011/03/18 01:24:34 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
    [2011/03/18 01:24:32 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
    [2011/03/18 01:24:32 | 000,228,864 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
    [2011/03/18 01:24:32 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
    [2011/03/18 01:24:32 | 000,108,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
    [2011/03/18 01:24:32 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/12 18:45:19 | 000,041,771 | ---- | C] () -- C:\Documents and Settings\Boro\My Documents\wedding-banner.jpg
    [2011/04/12 18:35:02 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
    [2011/04/12 18:35:02 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
    [2011/04/12 18:33:53 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/11 23:13:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/11 23:11:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/11 22:56:52 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/04/11 22:56:52 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\ZoneAlarm Security.lnk
    [2011/04/11 22:56:36 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2011/04/11 22:25:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/04/11 22:25:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/04/11 22:14:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\SpywareBlaster.lnk
    [2011/04/11 21:09:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/11 21:09:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/11 21:08:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/11 21:08:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/11 21:08:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/11 21:08:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/11 21:08:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/11 20:30:35 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Boro\My Documents\Attach.zip
    [2011/04/11 20:24:27 | 004,318,945 | R--- | C] () -- C:\Documents and Settings\Boro\Desktop\ComboFix.exe
    [2011/04/11 19:38:11 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Boro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/04/11 19:38:08 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\NTREGOPT.lnk
    [2011/04/11 19:38:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\ERUNT.lnk
    [2011/04/11 18:22:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/11 18:22:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/10 23:03:28 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Core FTP LE.lnk
    [2011/04/10 22:56:17 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Kompozer.lnk
    [2011/04/10 22:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/10 22:41:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/10 22:41:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/10 22:41:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/10 22:24:28 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Boro\Desktop\Google Chrome.lnk
    [2011/04/10 22:24:28 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Boro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/10 22:23:00 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005UA.job
    [2011/04/10 22:22:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2666514318-3810101157-1613676-1005Core.job
    [2011/04/10 22:07:25 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
    [2009/08/01 18:33:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Boro_KBD.ini
    [2009/04/17 11:39:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/03/24 23:54:02 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
    [2009/03/24 23:39:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
    [2009/03/24 23:39:32 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
    [2009/03/24 23:39:32 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
    [2009/03/24 23:39:30 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
    [2009/03/24 23:39:30 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
    [2009/03/24 23:39:30 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
    [2009/03/24 23:39:30 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
    [2009/03/24 23:39:30 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
    [2009/03/24 23:39:30 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
    [2009/03/24 23:39:30 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
    [2009/03/24 23:39:30 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
    [2009/03/24 23:39:30 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
    [2009/03/24 23:39:30 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
    [2009/03/24 23:39:30 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
    [2009/03/24 23:39:30 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
    [2009/03/24 23:39:30 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
    [2009/03/24 23:39:30 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
    [2009/03/24 23:39:30 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
    [2009/03/24 23:39:30 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
    [2009/03/24 23:39:30 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
    [2009/03/24 23:38:16 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
    [2009/03/24 23:38:16 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
    [2009/03/24 23:34:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/03/24 23:32:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
    [2009/03/24 23:32:08 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
    [2009/03/24 23:30:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/03/24 23:26:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/03/24 21:28:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/03/24 21:27:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2009/03/24 21:27:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2009/03/24 21:27:53 | 000,390,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/03/24 21:27:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2009/03/24 21:27:53 | 000,049,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/03/24 21:27:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2009/03/24 21:27:53 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2009/03/24 21:27:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2009/03/24 21:27:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2009/03/24 21:27:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2009/03/24 21:27:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2009/03/24 21:27:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2009/03/24 15:20:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/03/24 15:19:53 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/02/19 05:08:50 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
    [2009/02/19 05:08:48 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
    [2009/02/19 05:08:46 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2008/09/17 14:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/02/27 01:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/08/01 18:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2011/04/11 06:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinClon
    [2009/03/24 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
    [2011/04/11 22:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\CheckPoint
    [2011/04/13 17:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\CoreFTP
    [2011/04/10 23:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\KompoZer
    [2011/04/10 22:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boro\Application Data\MSNInstaller

    ========== Purity Check ==========



    < End of report >

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    What exactly did you do? Your DDS log showed you were infected with a rootkit, but your aswMBR does not.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    3

    Default

    I ran TDSS Killer and Combofix, ran Spybot S&D and Avira AV, then updated Windows.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, looks like you did OK, but have to warn you that these tools you ran are constantly updated, and sometimes a bug is detected that can damage a system. We are alerted to these bugs but the user is not. You may want to take some precaution in the future before you run any of these tools, or you can wind up doing a format and reinstall.

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      [2011/04/11 23:55:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
