Malware not found, websites asking for concerning information

Hi,

Run ComboFix again and this time, if hanging occurs, please open Task Manager and look for the PEV process. If you find it, kill it to see if ComboFix gets past stage 3 (and 4).
 
Hi,

Could you uninstall AVG for now and then run ComboFix & DDS and post their logs?
 
Hi,

Could you still post a fresh DDS log? If you can't make DDS run, post a fresh OTL.txt log instead.
 
OTL logfile created on: 3/9/2010 10:34:42 AM - Run 3
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\DJ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 29.74 Gb Free Space | 31.93% Space Free | Partition Type: NTFS
Drive D: | 186.33 Gb Total Space | 24.81 Gb Free Space | 13.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.64 Gb Total Space | 180.46 Gb Free Space | 25.83% Space Free | Partition Type: NTFS
Drive G: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMESTYLEE
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\21211899927.nls ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\IadHide5.dll (BackWeb)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SL3Usb) -- C:\WINDOWS\system32\drivers\Sl3.sys (Cristalink Ltd)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AlesisFirewire) -- C:\WINDOWS\system32\drivers\AlesisFirewire.sys (Alesis)
DRV - (AlesisFirewireAudio) -- C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys (Alesis)
DRV - (AlesisFirewireMidi) -- C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys (Alesis)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (camflt) -- C:\WINDOWS\system32\drivers\camflt.sys (Devguru Corporation, Inc)
DRV - (Camav) -- C:\WINDOWS\system32\drivers\Camav.sys (Samsung electronics, Inc)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ADIDTSFiltService) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (SI3132) -- C:\WINDOWS\System32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (UPATC) -- C:\WINDOWS\system32\drivers\upatc.sys (SCM Microsystems Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 07:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 07:45:14 | 000,000,000 | ---D | M]

[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions
[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions
[2009/09/27 21:50:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/04 10:32:41 | 000,379,546 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13102 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe (Offer Atzitz)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\DJ\Start Menu\Programs\Utilites\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1194369867421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194369856953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bw+0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\offline-8876480 {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\DJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DJ\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/06 08:55:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\Auto\command - "" = I:\Se81.exe -- File not found
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 10:29:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/08 09:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/08 09:11:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/08 09:11:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/08 09:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/03 13:40:51 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/02/27 08:40:01 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/09 10:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/07 21:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/07 20:55:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 20:55:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/05 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/11/07 16:34:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/08/16 10:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/16 10:13:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\DJ\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 10:29:10 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/09 10:29:10 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/09 10:29:10 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/09 10:28:19 | 000,000,006 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010/03/09 10:28:18 | 000,080,434 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/03/09 10:28:18 | 000,000,091 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/03/09 10:28:13 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010/03/09 10:28:05 | 000,179,092 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/09 10:27:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 10:22:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 10:22:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 18:33:25 | 000,003,195 | ---- | M] () -- C:\WINDOWS\FORGE32.ini
[2010/03/08 14:08:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/08 12:27:03 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\DJ\NTUSER.DAT
[2010/03/08 12:27:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\DJ\ntuser.ini
[2010/03/08 10:06:46 | 003,882,589 | R--- | M] () -- C:\Documents and Settings\DJ\Desktop\ComboFix.exe
[2010/03/07 09:52:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/05 10:50:04 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010/03/04 10:32:41 | 000,379,546 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/03 13:40:51 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/03/02 13:17:58 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/02/27 08:35:18 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/22 08:18:14 | 000,379,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100304-103241.backup
[2010/02/13 14:31:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/12 02:04:45 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/11 16:26:08 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 10:37:24 | 000,377,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100222-081814.backup
[2010/02/09 21:19:20 | 000,044,548 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/07 21:17:22 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 10:06:40 | 003,882,589 | R--- | C] () -- C:\Documents and Settings\DJ\Desktop\ComboFix.exe
[2010/03/05 10:50:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/03/05 10:49:55 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/03/05 10:49:54 | 000,000,006 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/03/04 13:31:17 | 000,080,434 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/03/04 13:31:17 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/27 08:35:16 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/13 14:31:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/07 21:17:22 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 20:44:27 | 000,253,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/15 15:12:32 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\mcs.rma
[2009/07/15 15:12:32 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\3C79E9
[2008/11/07 16:34:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/11/07 16:34:53 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/11/07 16:34:41 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/11/07 16:34:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/11/07 16:34:38 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/10/06 19:11:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 10:49:21 | 000,003,195 | ---- | C] () -- C:\WINDOWS\FORGE32.ini
[2008/05/17 10:49:19 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2008/05/17 10:49:19 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2008/05/17 08:49:50 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\Printer.ini
[2008/05/16 10:13:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.log
[2008/05/16 10:13:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.cat
[2008/05/16 10:13:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.inf
[2008/01/06 11:07:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/03 16:22:53 | 008,183,675 | ---- | C] () -- C:\Program Files\gmaker.exe
[2007/11/30 15:14:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/11/08 13:04:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 08:36:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/11/08 08:36:54 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/11/08 08:36:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/11/08 08:36:15 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/11/08 08:35:47 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/08 08:32:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2007/11/06 14:36:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/06 11:02:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/06 10:24:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/11/06 10:24:29 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/11/06 10:24:27 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/11/06 10:24:27 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/11/06 09:12:56 | 000,000,962 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/11/06 09:12:56 | 000,000,403 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/11/06 09:01:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/11/06 09:01:58 | 000,036,158 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/11/06 09:01:43 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/13 13:14:16 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 13:14:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 13:14:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 13:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 13:14:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/03/22 00:32:06 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[1999/01/22 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
 
Hi,

I shall ask for another opinion on the ComboFix issue. Shall get back ASAP.
 
Hi,

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the c:\windows\System32\Drivers folder, and then click OK.

3. Click Start.

After Sigverif.exe is finished running its check, a list of all unsigned drivers installed on your computer is displayed. The list of all signed and unsigned drivers found by Sigverif.exe can be found in the Sigverif.txt file in the c:\windows folder.

Please attach that file to your post.

Also, please try to run GMER by deselecting devices and sections on the rootkit tab before clicking Scan. Post back its results.
 
********************************

Microsoft Signature Verification

Log file generated on 3/15/2010 at 9:45 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 338, Signed: 320, Unsigned: 18, Not Scanned: 0

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
1394bus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
2gmgsmt.sf2 7/21/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpiec.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
adidts.sys 12/8/2006 2:5.00,2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
adihdaud.sys 1/15/2007 2:5.00,2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
adv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv05nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv07nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv08nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv09nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv11nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
aeaudio.sys 8/6/2006 2:5.00,2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
aec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
aegisp.sys 11/6/2007 3.4.5.0 Not Signed N/A
afd.sys 8/14/2008 2:5.1 Signed KB956803.cat Microsoft Windows Component Publisher
agp440.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
agpcpq.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
alesisfirewire.sys 3/10/2008 3.1.0.1210 Not Signed N/A
alesisfirewireaudio. 3/10/2008 3.1.0.1210 Not Signed N/A
alesisfirewiremidi.s 3/10/2008 3.1.0.1210 Not Signed N/A
alim1541.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk6.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk7.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk8.sys 6/19/2006 2:5.1,2:5.2 Signed oem9.CAT Microsoft Windows Component Publisher
arp1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
asacpi.sys 8/12/2004 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
asinshelp32.sys 10/19/2006 None Signed N/A ASUSTeK Computer Inc.
asinshelp64.sys 10/19/2006 None Signed N/A ASUSTeK Computer Inc.
asio.sys 10/18/2006 None Signed N/A ASUSTeK Computer Inc.
asushwio.sys 10/10/2006 None Not Signed N/A
asyncmac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1btxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1mdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1pdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1raxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1rvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1snxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1ttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1tuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtaa.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtag.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinbtxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinmdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinpdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinraxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinrvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinsnxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atintuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ativmc20.cod 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmarpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmepvc.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atmlane.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmuni.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv04nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv06nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv10nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
beep.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bridge.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthmodem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthpan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthport.sys 6/13/2008 2:5.1 Signed KB951376-v2.cat Microsoft Windows Component Publisher
bthprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
camav.sys 1/25/2007 2:5.00,2:5.1,2:6.0 Signed oem39.CAT Microsoft Windows Hardware Compatibility Publisher
camflt.sys 1/26/2007 2:5.00,2:5.1,2:6.0 Signed oem41.CAT Microsoft Windows Hardware Compatibility Publisher
cbidf2k.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ccdecode.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdaudio.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
cdfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdr4_xp.sys 8/28/2006 8.0.0.212 Not Signed N/A
cdralw2k.sys 8/28/2006 8.0.0.212 Not Signed N/A
cdrom.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ch7xxnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cinemst2.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
classpnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cpqdap01.sys 8/23/2001 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
crusoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ctac32k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
ctaud2k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
ctlfacem.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ctljystk.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ctoss2k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
ctprxy2k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
ctsfm2k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
cxthsfs2.cty 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
difxapi.dll 11/2/2006 None Signed N/A Microsoft Windows Component Publisher
disk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diskdump.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmboot.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmload.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dmusic.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmkaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxapi.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dxg.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxgthk.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
emu10k1m.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
emupia2k.sys 7/19/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fastfat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fdc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fips.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
flpydisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fltmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fsvga.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fs_rec.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftdisk.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
gagp30kx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
gameenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem38.CAT Microsoft Windows Hardware Compatibility Publisher
gm.dls 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
gmreadme.txt 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ha10kx2k.sys 7/24/2002 1:4.90,2:5.00,2:5.1 Signed oem23.CAT Microsoft Windows Hardware Compatibility Publisher
hamachi.sys 11/9/2008 None Signed N/A LogMeIn, Inc.
hdaudbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hdaudio.sys 10/27/2004 2:5.1 Signed KB888111WXPSP2.cat Microsoft Windows XP Publisher
hidbth.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidir.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidparse.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfbs2s2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfcxts2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfdpsp2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
http.sys 10/20/2009 2:5.1 Signed KB970430.cat Microsoft Windows Component Publisher
i8042prt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
imapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelppm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ip6fw.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipfltdrv.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ipinip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipnat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipsec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
isapnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdhid.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kmixer.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
korgumds.sys 10/29/2008 None Signed N/A Korg Inc.
ks.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ksecdd.sys 6/24/2009 2:5.1 Signed KB968389.cat Microsoft Windows Component Publisher
marvinbus.sys 9/23/2005 2.1.29.0 Not Signed N/A
ma_cmidi.sys 8/16/2006 0.4.2.3 Not Signed N/A
mbam.sys 1/7/2010 None Signed N/A Malwarebytes Corporation
mbamswissarmy.sys 1/7/2010 None Signed N/A Malwarebytes Corporation
mcd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mf.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mnmdd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
modem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouhid.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mountmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxdav.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxsmb.sys 12/4/2009 2:5.1 Signed KB978251.cat Microsoft Windows Component Publisher
msfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
msgpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mskssrv.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspclock.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspqm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mssmbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mstee.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlmnt5.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlstrm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtxparhm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mup.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mutohpen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nabtsfec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndis.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndistapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisuio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndiswan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndproxy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netwlan5.img 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nic1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nikedrv.sys 8/23/2001 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
nmnt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
npfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntmtlfax.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
null.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nv4_mini.sys 5/16/2008 2:5.00,2:5.1 Signed oem32.CAT Microsoft Windows Hardware Compatibility Publisher
nvata.sys 8/21/2006 2:5.00,2:5.1 Signed oem5.CAT Microsoft Windows Hardware Compatibility Publisher
nvenetfd.sys 9/11/2006 2:5.00,2:5.1 Signed oem4.CAT Microsoft Windows Hardware Compatibility Publisher
nvnetbus.sys 9/11/2006 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
nvnrm.sys 9/11/2006 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
nvphy.bin 8/14/2006 None Not Signed N/A
nvsnpu.sys 9/11/2006 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
nvtcp.sys 9/11/2006 2:5.00,2:5.1 Signed oem3.CAT Microsoft Windows Hardware Compatibility Publisher
nwlnkflt.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkfwd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkipx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nwlnknb.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkspx.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ohci1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
oprghdlr.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
p3.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
partmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parvdm.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pciide.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pciidex.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pcmcia.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pcouffin.sys 5/16/2008 1.37.0.0 Not Signed N/A
portcls.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
processr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
psched.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ptilink.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pxhelp20.sys 11/2/2006 3.0.43.9 Not Signed N/A
rasacd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rasl2tp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspppoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspptp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspti.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rawwan.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdbss.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpcdd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdpdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpwd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
recagent.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
redbook.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rfcomm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rio8drv.sys 8/23/2001 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
riodrv.sys 8/23/2001 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
rmcast.sys 5/8/2008 2:5.1 Signed KB950762.cat Microsoft Windows Component Publisher
rndismp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rndismpx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rootmdm.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rtl8187.sys 9/5/2006 2:5.00,2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
s3gnbm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
scsiport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sdbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serial.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serscan.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
sffdisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_mmc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_sd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sfloppy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sfmanm.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
si3132.sys 1/20/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
si3132_2.sys 1/20/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
siint5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sisagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
siwinacc.sys 11/2/2004 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
sl3.sys 2/16/2009 1.2.5.0 Not Signed N/A
slip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnt7554.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slntamr.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnthal.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slwdmsup.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smbali.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smclib.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
sonydcam.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sonypvu1.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
splitter.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
stream.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
streamip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swmidi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sysaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tape.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tcpip.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
tcpip6.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
tdi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdpipe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdtcp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
termdd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tosdvd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tsbvcap.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tunmp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
uagp35.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
udfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
upatc.sys 5/30/2000 4.2.3.3 Not Signed N/A
update.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb11ldr.sys 8/16/2006 0.2.22.0 Not Signed N/A
usb8023.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023x.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbaapl.sys 8/28/2009 2:5.1,2:6.0,2:6.1 Signed oem37.CAT Microsoft Windows Hardware Compatibility Publisher
usbaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd2.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbccgp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbehci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbhub.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbintel.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbmm1x1.sys 8/16/2006 0.4.2.3 Not Signed N/A
usbmn1x1.sys 8/16/2006 0.4.2.3 Not Signed N/A
usbohci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbscan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbstor.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbvideo.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vchnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vdmindvd.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
vga.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
videoprt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
volsnap.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wacompen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv07nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv08nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv09nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv11nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wanarp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv06nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv10nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wceusbsh.sys 1/7/2008 3.7.1.3244 Not Signed N/A
wdmaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wmilib.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wpdusb.sys 10/18/2006 2:5.1 Signed WMFDist11.cat Microsoft Windows Component Publisher
ws2ifsl.sys 8/23/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wstcodec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
wudfrd.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
 
Hi,

Did you run GMER with those instructions I posted, yet?
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 11:33:16
Windows 5.1.2600 Service Pack 3
Running: t5d7kh4w.exe; Driver: C:\DOCUME~1\DJ\LOCALS~1\Temp\fwliiaow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a295
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a295@00248348957c 0x1C 0x8A 0xA8 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a295 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a295@00248348957c 0x1C 0x8A 0xA8 0x81 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@D:\Pinnacle\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
 
Hi,

Please download a fresh copy of ComboFix, rename the ComboFix.exe file to Sneaky.exe, and try to run it with your protection software disabled.
 
I am still unable to get through the ComboFix process. It usually stalls around 6a; however, it did make it as far as stage 8 once or twice.
 
Hi,

Please try the following:
1. Update Malwarebytes Anti-Malware definitions.
2. Run a quick scan and let it remove its findings. If a reboot is needed, make sure the system boots into safe mode.
3. Run ComboFix right after the MBAM run if a reboot wasn't needed, or in safe mode if it was.
 
I am attaching my Malwarebytes logs; however, I'm still not able to get past phase 8 of ComboFix. It usually gets stuck around 6a.

Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/22/2010 6:21:17 PM
mbam-log-2010-03-22 (18-21-17).txt

Scan type: Quick Scan
Objects scanned: 142470
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mem32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\DJ\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.
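The two logs posted in this thread, the OTL driver-signature list earlier and the MBAM report just above, are easier to triage as structured data than by eye. The following is an added example written for this page, not code from OTL, Malwarebytes or the helper. It parses a handful of rows copied from each log (the samples are constructed from the lines above and are not the complete logs), lists the drivers that carry no catalog signature, separates WHQL-signed OEM packages from Windows component catalogs, and pulls out the Run-key autostart values MBAM removed so they can be re-checked after the next reboot. An unsigned driver on XP is not evidence of malware on its own (several OEM drivers in the list are unsigned); it only tells you which files still need attribution by hand.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of rows copied from the OTL driver-signature
# list posted in this thread (not the complete list).
OTL_DRIVER_ROWS = """
secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
si3132.sys 1/20/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
sl3.sys 2/16/2009 1.2.5.0 Not Signed N/A
srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
upatc.sys 5/30/2000 4.2.3.3 Not Signed N/A
usb11ldr.sys 8/16/2006 0.2.22.0 Not Signed N/A
wceusbsh.sys 1/7/2008 3.7.1.3244 Not Signed N/A
wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
"""

# Constructed sample: the two result sections from the MBAM log above.
MBAM_FINDINGS = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mem32 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\DJ\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
"""


@dataclass
class Driver:
    name: str
    date: str
    version: str
    signed: bool
    catalog: str    # signing catalog (sp3.cat, oemN.CAT, KBnnnnnn.cat); empty if unsigned
    publisher: str  # who signed that catalog; empty if unsigned


def parse_otl_drivers(text):
    """Parse OTL rows of the form: name date version Signed|Not Signed catalog publisher."""
    drivers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        name, date, version = parts[:3]
        if parts[3] == "Signed":
            catalog = parts[4] if len(parts) > 4 else ""
            drivers.append(Driver(name, date, version, True, catalog, " ".join(parts[5:])))
        elif parts[3:5] == ["Not", "Signed"]:
            drivers.append(Driver(name, date, version, False, "", ""))
    return drivers


def unsigned_drivers(drivers):
    """Names of drivers with no catalog signature: the ones to attribute by hand first."""
    return [d.name for d in drivers if not d.signed]


def whql_signed_oem_drivers(drivers):
    """Drivers installed from an OEM package (oemN.CAT) rather than a Windows component catalog."""
    return {d.name: d.catalog for d in drivers if d.signed and d.catalog.lower().startswith("oem")}


# One MBAM detection line: <target> (<family>) -> <action>.
FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$")
# A value under any ...\CurrentVersion\Run key, i.e. an autostart entry.
RUN_VALUE_RE = re.compile(r"\\CurrentVersion\\Run\\(?P<value>[^\\]+)$", re.IGNORECASE)


def parse_mbam_findings(text):
    """Return (section, target, family, action) for each detection under a '... Infected:' heading."""
    findings = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("Infected:"):
            section = line[: -len(" Infected:")]
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append((section, m["target"], m["family"], m["action"]))
    return findings


def run_value_persistence(findings):
    """Autostart (Run key) value names MBAM removed; re-check these after the next reboot."""
    names = []
    for section, target, _family, _action in findings:
        m = RUN_VALUE_RE.search(target)
        if section.startswith("Registry") and m:
            names.append(m["value"])
    return names


def families(findings):
    """Count detections per MBAM family, e.g. to spot a banker among generic Trojan.Agent hits."""
    counts = {}
    for _section, _target, family, _action in findings:
        counts[family] = counts.get(family, 0) + 1
    return counts
```

Worth noting when reading the output against the rest of the thread: `getdo` and `flacor.dat` are removed here, and both reappear in the CFScript the helper writes later, which matches the user's report that MBAM still found infections after the ComboFix run. A Run value that comes back after removal is the signal that something else on the box is re-creating it.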
 
Hi,

Could you download DDS here to your desktop and rename dds.scr to dds.com before attempting to run it? If that works, save and post the two logs it creates (dds.txt and attach.txt).
 
The renamed DDS script still does not run. It shows up as between 7 and 15 colons on the screen, then it does a hard return and the cursor just sits there and flashes. I usually end task at about 1 hour.

I have begun the process of backing up all of my important documents and settings. Unless you think there is a miracle cure out there that we can still try, I think it might be better at this point to just format the whole hard drive and start from scratch. Any recommendations?
 
Hi again,

Let's take one extra attempt. If it fails, then it's likely safest to back up your important stuff and then reformat.


1. Place a fresh copy of the renamed ComboFix file (hondasptbk.exe) from your desktop in the root of the C: drive (C:\). That way we can access it from every account.

2. Try running ComboFix through in safe mode with command prompt. Here are the steps to follow (print/save these, since you won't be able to access them while in safe mode):
Press F8 before the Windows loading screen and select the safe mode with command prompt option.
Then type the following commands (I assume you moved hondasptbk.exe to C: root):
  • cd\
  • hondasptbk.exe

When ComboFix reboots select safe mode with command prompt again so that ComboFix will finish there.
 
GREAT NEWS! Running MBAM and going into safe mode w/ cmd prompt on restart did allow me to follow your instructions and run a full ComboFix script!

Unfortunately, after everything restarted, I ran MBAM again and still found 2 infections. I am posting both logs, the Combofix log, and the subsequent MBAM log.

Due to the file size, I've had to zip these two logs and attach them.
 
Great :laugh:

Now we may have better chances of progress in this case.

While in normal mode:

Open Notepad and copy/paste the text in the box below into it:

Code:
http://forums.spybot.info/showthread.php?t=55348&page=4
Collect::
c:\documents and settings\DJ\Application Data\Helper\bin\liveu.exe
c:\documents and settings\DJ\Application Data\Adobe\Update\flacor.dat
DirLook::
c:\documents and settings\DJ\Application Data\Helper
c:\documents and settings\DJ\Application Data\Adobe\Update
Folder::
C:\sneaky4057s
C:\sneaky10451s
C:\sneaky31519s
C:\sneaky
c:\documents and settings\DJ\Application Data\uTorrent
c:\documents and settings\DJ\Application Data\LimeWire
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Helper"=-
"Getdo"=-


Save this as c:\CFScript.txt

Reboot into safe mode with command prompt.

There, type the following commands (I assume you placed the CFScript.txt file in the C: root as instructed above):
cd\
hondasptbk.exe c:\CFScript.txt



Let ComboFix process (if asked for a reboot, do so and let ComboFix finish in safe mode with command prompt again). Post back the ComboFix log and the MBAM report (update MBAM before running it).
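The CFScript above uses ComboFix's directive format without spelling out what each block does: `Collect::` gathers the listed files for analysis, `DirLook::` lists the contents of the named directories in the log, `Folder::` removes the listed folders, and `Registry::` takes standard .reg syntax, where `[key]` selects a key and `"Name"=-` deletes that value. Because ComboFix acts on the script without confirmation, it is worth previewing what a script will touch before handing it over. The following is an added example written for this page, not ComboFix's own code or the helper's; it parses a constructed copy of the script from the post (the thread URL on the first line is skipped, as it precedes any directive), summarises the planned actions, and flags any `Folder::` target that is a drive root or one of a few assumed protected trees (`PROTECTED_PREFIXES` is a hypothetical list chosen for the example), since a typo there is destructive.

```python
import re

# Constructed copy of the CFScript from the post above. The first line is the
# thread URL these scripts conventionally start with; the parser skips anything
# that appears before the first "Name::" directive.
CFSCRIPT = r"""
http://forums.spybot.info/showthread.php?t=55348&page=4
Collect::
c:\documents and settings\DJ\Application Data\Helper\bin\liveu.exe
c:\documents and settings\DJ\Application Data\Adobe\Update\flacor.dat
DirLook::
c:\documents and settings\DJ\Application Data\Helper
c:\documents and settings\DJ\Application Data\Adobe\Update
Folder::
C:\sneaky4057s
C:\sneaky10451s
C:\sneaky31519s
C:\sneaky
c:\documents and settings\DJ\Application Data\uTorrent
c:\documents and settings\DJ\Application Data\LimeWire
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Helper"=-
"Getdo"=-
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. Folder::
REG_DELETE_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')  # .reg syntax: "Name"=- deletes a value

# Hypothetical list for this example: whole trees a Folder:: line should never name outright.
PROTECTED_PREFIXES = ("c:\\windows", "c:\\program files", "c:\\documents and settings")


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}, keeping line order within each directive."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(reg_lines):
    """Interpret Registry:: lines: [key] selects a key, "Name"=- deletes that value under it."""
    deletions = []
    key = None
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_DELETE_VALUE_RE.match(line)
        if m and key is not None:
            deletions.append(key + "\\" + m.group("name"))
    return deletions


def risky_folder_targets(folders):
    """Folder:: entries that name a drive root or a whole protected tree (assumed list above)."""
    risky = []
    for folder in folders:
        p = folder.lower().rstrip("\\")
        if re.fullmatch(r"[a-z]:", p) or p in PROTECTED_PREFIXES:
            risky.append(folder)
    return risky


def review_plan(script_text):
    """Summarise what the script will do so the targets can be eyeballed before ComboFix runs it."""
    sections = parse_cfscript(script_text)
    folders = sections.get("Folder", [])
    return {
        "collect_files": sections.get("Collect", []),
        "list_dirs": sections.get("DirLook", []),
        "delete_folders": folders,
        "delete_reg_values": registry_deletions(sections.get("Registry", [])),
        "risky_folders": risky_folder_targets(folders),
    }
```

The preview is only a sanity check on the script text; it does not talk to the registry or the file system, so it runs fine on the machine you write the script on rather than the infected one.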
 