-
September 8th, 2010, 09:56 PM
#1
I've got something and it's stubborn
I've got something but I can't put my finger on it. I keep getting these little pop-ups that just have an OK button and some garbage text, and selockdir in the header. I see it usually in Windows Explorer when trying to delete, and also when emptying the Recycle Bin. I also get a message saying the Platform service is not running (although I don't see a service called that).
Now both of my laptops have the same infection. Malwarebytes reports Rogue.AntiVirusPro in C:\Documents and Settings\Pete\Application Data\hkey_local_machine.reg
Here's the stuff you need. I have to submit the logs in sections because they're too big.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:52 PM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mfsyncsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\MImpPRO\MIProHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Documents and Settings\Pete\Desktop\dds.com
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=w...98880&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [MImpPro] C:\Program Files\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1715567821-162531612-1801674531-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-1715567821-162531612-1801674531-1003 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User '?')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Link Commander collection - C:\Program Files\Link Commander\Libraries\add_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open in Web Archives Viewer - C:\Program Files\WebArchivesViewer\IEContext.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Show Link Commander - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
O9 - Extra 'Tools' menuitem: Show Link Commander - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCLaunch.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Add to collection - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCAdd.dll
O9 - Extra 'Tools' menuitem: Add to Link Commander collection - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - C:\PROGRA~1\LINKCO~1\LIBRAR~1\LCAdd.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_set...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1227406791671
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1257564424453
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://nmreports.linksys.com/nmscan/...ship-WD.V1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
O16 - DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} (AIRJ01FPlayer.Player) - http://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53}: NameServer = 10.9.60.1
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sfdc.ittind.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Fences\FencesMenu.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files\AVG\AVG10\avgfws.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBMR Scheduler - Unknown owner - C:\Program Files\Cristie\CBMR\_BSSVC.EXE
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DataMirror Transformation Server Access Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmaccessserver.exe
O23 - Service: DataMirror Transformation Server Integration Server - Unknown owner - C:\Program Files\DataMirror\Transformation Server Access Control\bin\dmintegrationserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MirrorFolder Auto-synchronization Service (mfsyncsv) - Techsoft - C:\WINDOWS\system32\mfsyncsv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 18032 bytes
-
September 8th, 2010, 09:58 PM
#2
DDS part 1
DDS (Ver_09-09-29.01) - NTFSx86
Run by Pete at 21:01:19.53 on Tue 09/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234498901&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D808798880&id=64855
uWindow Title = Road Runner High Speed Online
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe
mRun: [nmctxth] c:\program files\common files\pure networks shared\platform\nmctxth.exe
mRun: [nmapp] c:\program files\pure networks\network magic\nmapp.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe
mRun: [MImpPro] c:\program files\mimppro\MIProHst.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: Add to Link Commander collection - c:\program files\link commander\libraries\add_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open in Web Archives Viewer - c:\program files\webarchivesviewer\IEContext.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\librar~1\LCLaunch.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\librar~1\LCAdd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227406791671
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257564424453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://nmreports.linksys.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://www.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {DE5A430A-E8B4-4243-BCA6-5C4F2DD6CB53} = 10.9.60.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: OPXPGina -
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
LSA: Notification Packages = :\WINDOWS scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\w8ha1gfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\pete\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\w8ha1gfu.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
-
September 8th, 2010, 09:58 PM
#3
DDS part 2
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-09-07 20:23 <DIR> --d----- c:\windows\system32\CatRoot2
2010-09-05 23:11 38,848 a------- c:\windows\avastSS.scr
2010-09-05 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-05 22:23 29,512 a------- c:\windows\system32\TURegOpt.exe
2010-09-05 22:23 30,024 a------- c:\windows\system32\uxtuneup.dll
2010-09-05 22:22 <DIR> --d----- c:\program files\TuneUp Utilities 2010
2010-09-02 22:32 <DIR> --d----- c:\docume~1\pete\applic~1\DataMirror
2010-09-01 17:47 <DIR> --d----- c:\docume~1\pete\applic~1\AVG10
2010-09-01 17:45 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\Common Files
2010-09-01 17:43 <DIR> --d----- c:\windows\system32\drivers\AVG
2010-09-01 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG10
2010-09-01 17:43 <DIR> --d----- c:\program files\AVG
2010-08-30 19:33 72,520 a------- c:\windows\system32\drivers\ftser2k.sys
2010-08-30 19:33 206,144 a------- c:\windows\system32\ftd2xx.dll
2010-08-30 19:33 120,136 a------- c:\windows\system32\ftbusui.dll
2010-08-30 19:33 57,672 a------- c:\windows\system32\drivers\ftdibus.sys
2010-08-30 19:33 <DIR> --d----- c:\program files\National Consumer Panel
2010-08-28 12:31 <DIR> --d----- c:\program files\Spirits of Metropolis v1.10
2010-08-28 12:05 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2010-08-28 12:05 <DIR> --d----- c:\program files\MagicDisc
2010-08-28 11:43 <DIR> --d----- c:\docume~1\pete\applic~1\Verizon Wireless
2010-08-27 01:07 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-08-26 22:31 16 ----h--- c:\windows\lockdirs.dat
2010-08-26 22:27 0 a------- C:\_tmp_file
2010-08-25 22:50 <DIR> --d----- c:\program files\PolderbitS
2010-08-25 22:41 51,200 a------- c:\windows\system32\MirFolder.cfg
2010-08-25 22:39 131,072 a------- c:\windows\system32\mkdw48.acy
2010-08-25 22:39 131,072 a------- c:\windows\system32\MirDisk.cfg
2010-08-25 15:39 21,464 a------- c:\windows\system32\NaBootMir.exe
2010-08-25 15:39 512 a------- c:\windows\MirDetected.bin
2010-08-25 15:39 37,016 a------- c:\windows\system32\drivers\FolderHK.sys
2010-08-25 15:39 33,896 a------- c:\windows\system32\drivers\HKDirFlt.sys
2010-08-25 15:39 28,648 a------- c:\windows\system32\drivers\MirDisk.sys
2010-08-23 13:27 27,064 a------- c:\windows\system32\drivers\revoflt.sys
2010-08-23 13:27 <DIR> --d----- c:\program files\VS Revo Group
2010-08-23 11:13 <DIR> --d----- c:\program files\JPG2PDF
2010-08-20 14:09 298,320 a------- c:\windows\system32\drivers\avgtdix.sys
2010-08-20 14:09 249,296 a------- c:\windows\system32\drivers\avgldx86.sys
2010-08-20 14:09 26,064 a------- c:\windows\system32\drivers\avgrkx86.sys
2010-08-17 08:30 16,640 a------- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-08-17 08:30 <DIR> --d----- c:\program files\Daniusoft
2010-08-15 21:51 129,024 a------- c:\windows\system32\AVERM.dll
2010-08-15 21:51 28,672 a------- c:\windows\system32\AVEQT.dll
2010-08-15 21:51 <DIR> --d----- c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2010-08-14 12:42 <DIR> --d----- c:\documents and settings\pete\Downloads
2010-08-14 12:21 <DIR> --d----- c:\program files\RapidShareManager
==================== Find3M ====================
2010-08-04 20:25 23,456 a------- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-15 18:23 26,192 a------- c:\windows\system32\drivers\AVGIDSShim.sys
2010-07-15 18:23 123,472 a------- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-15 18:23 30,288 a------- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-07-15 18:23 25,680 a------- c:\windows\system32\drivers\AVGIDSEH.sys
2010-07-12 04:33 51,040 a------- c:\windows\system32\avgfwdx.dll
2010-07-12 04:33 30,432 a------- c:\windows\system32\drivers\avgfwdx.sys
2010-07-11 20:21 2,286,080 a------- c:\windows\system32\TUKernel.exe
2010-06-30 08:31 149,504 a------- c:\windows\system32\schannel.dll
2010-06-24 08:15 832,512 a------- c:\windows\system32\wininet.dll
2010-06-24 08:15 78,336 a------- c:\windows\system32\ieencode.dll
2010-06-24 08:15 17,408 a------- c:\windows\system32\corpol.dll
2010-06-23 09:44 1,851,904 a------- c:\windows\system32\win32k.sys
2010-06-17 10:03 80,384 a------- c:\windows\system32\iccvid.dll
2010-06-14 10:31 744,448 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 03:41 1,172,480 a------- c:\windows\system32\msxml3.dll
2010-05-21 21:13 256 a------- c:\documents and settings\pete\pool.bin
2010-04-26 20:39 49,152 ac-sh--- c:\program files\Thumbs.db
2010-01-06 21:35 94,208 a------- c:\docume~1\pete\applic~1\ezplay.sys
2010-01-06 21:35 87,608 a------- c:\docume~1\pete\applic~1\inst.exe
2009-09-24 23:07 352,256 ac------ c:\program files\USBExtreme.exe
2009-07-23 14:49 72,569,774 ac------ c:\program files\3D_Driving-School_v3.1.exe
2009-02-03 18:08 13,227,453 -c------ c:\program files\PROCESSLIST.DB
2009-02-03 18:08 1,118,656 -c------ c:\program files\PROCESSLISTRELATED.DB
2008-12-14 19:47 47,360 -c------ c:\docume~1\pete\applic~1\pcouffin.sys
2008-11-30 20:44 81,920 ac------ c:\program files\sherlock.exe
2008-11-09 20:07 6,106,480 ac------ c:\program files\RiffMaster Pro 3.0.exe
2007-03-04 14:30 39,060 ac------ c:\program files\Buffering2.jpg
2007-03-04 14:30 39,047 ac------ c:\program files\Buffering5.jpg
2007-03-04 14:30 39,040 ac------ c:\program files\Buffering1.jpg
2007-03-04 14:30 39,038 ac------ c:\program files\Buffering6.jpg
2007-03-04 14:30 39,035 ac------ c:\program files\Buffering4.jpg
2007-03-04 14:30 39,033 ac------ c:\program files\Buffering3.jpg
2007-03-04 14:30 39,020 ac------ c:\program files\Buffering7.jpg
2006-03-23 15:17 114,688 -------- c:\program files\igfxzoom.exe
2004-05-24 23:05 536,631 -------- c:\program files\procexp.exe
2003-04-29 05:33 1,328,198 -c------ c:\program files\TuMeDrum.exe
2000-11-12 16:48 220,160 -c------ c:\program files\acpu.exe
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-02-08 00:57 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020720090208\index.dat
2009-02-08 01:25 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat
2009-09-19 10:17 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 21:02:35.96 ===============
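The "Created Last 30" and "Find3M" sections above are what a helper reads first: a driver or executable sitting in a user's Application Data folder, a hidden file dropped straight into c:\windows, or a zero-byte file at the drive root stands out against the normal run of installer output. The following is an added example, not part of the original post or of the DDS tool; it parses a handful of lines copied from the log above and applies those three heuristics. The attribute letters (a, c, d, s, h, r) are read as DDS prints them; the rules themselves are assumptions of this example, and a hit means "look at this", not "this is malware".

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Entries copied from the DDS "Created Last 30" / "Find3M" sections posted above,
# cut down to a dozen lines so the example runs stand-alone.
SAMPLE_DDS = r"""
2010-09-05 22:23 29,512 a------- c:\windows\system32\TURegOpt.exe
2010-09-05 22:22 <DIR> --d----- c:\program files\TuneUp Utilities 2010
2010-08-26 22:31 16 ----h--- c:\windows\lockdirs.dat
2010-08-26 22:27 0 a------- C:\_tmp_file
2010-08-25 15:39 37,016 a------- c:\windows\system32\drivers\FolderHK.sys
2010-08-20 14:09 298,320 a------- c:\windows\system32\drivers\avgtdix.sys
2010-04-26 20:39 49,152 ac-sh--- c:\program files\Thumbs.db
2010-01-06 21:35 94,208 a------- c:\docume~1\pete\applic~1\ezplay.sys
2010-01-06 21:35 87,608 a------- c:\docume~1\pete\applic~1\inst.exe
2008-12-14 19:47 47,360 -c------ c:\docume~1\pete\applic~1\pcouffin.sys
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-09-19 10:17 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
"""

# One DDS file entry: date, time, size or <DIR>, 8-char attribute field, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)

# Assumed triage rules (this example's, not DDS's):
USER_PROFILE_PREFIXES = ("c:\\docume~1\\", "c:\\documents and settings\\")
EXEC_EXTENSIONS = {".sys", ".exe", ".dll", ".scr"}
WINDOWS_ROOTS = {"c:\\windows", "c:\\windows\\system32"}


def parse_dds_entries(text: str) -> List[Dict[str, str]]:
    """Return one dict per recognised DDS file/directory line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Apply the three heuristics; returns (original path, reason) pairs."""
    findings = []
    for e in entries:
        attrs = e["attrs"]
        if "d" in attrs:          # directories are not interesting here
            continue
        path = e["path"]
        low = path.lower()
        parent = ntpath.dirname(low)
        ext = ntpath.splitext(low)[1]
        size = int(e["size"].replace(",", ""))

        # 1. Kernel drivers / executables living in a user-writable profile folder.
        if ext in EXEC_EXTENSIONS and low.startswith(USER_PROFILE_PREFIXES):
            findings.append((path, "executable or driver stored under a user profile"))
        # 2. Hidden or system-attributed files dropped directly into c:\windows or system32.
        if ("h" in attrs or "s" in attrs) and parent in WINDOWS_ROOTS:
            findings.append((path, f"hidden/system file directly in {parent}"))
        # 3. Zero-byte files at the drive root (a common marker/lock-file pattern).
        if size == 0 and parent.rstrip("\\") == "c:":
            findings.append((path, "zero-byte file at drive root"))
    return findings


def run() -> List[Tuple[str, str]]:
    return triage(parse_dds_entries(SAMPLE_DDS))


if __name__ == "__main__":
    for path, reason in run():
        print(f"{reason:55s} {path}")
```

Every hit still has to be cross-checked against the installed-programs list and the file's publisher before anything is deleted; the heuristics only order the review, and legitimate tools (virtual drive software, copy-protection drivers, folder-locking utilities) routinely trip the first two rules.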
-
September 8th, 2010, 09:59 PM
#4
ATTACH
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
==== Disk Partitions =========================
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
5.0
Aaron's WebVacuum 2
Absolute Fretboard Trainer PRO
Absolute MP3 Splitter version 2.8.7
ACDSee Pro 3
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Alchemy Deluxe
ALi USB2.0 Driver
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Allstate Home Inventory 3.08
Amazing Adventures: The Lost Tomb
Amazon MP3 Downloader 1.0.5
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AstroPop Deluxe
Atari: The 80 Classic Games
Atmosphere Deluxe v7.0
Atomica Deluxe
AudibleManager
Avi2Dvd 0.5
Avidemux 2.4
AviSynth 2.5
Bejeweled 2 Deluxe 1.1
Bejeweled Deluxe
Bejeweled Twist 1.0.3.7482
Beyond Compare Version 2.5.3
Big Kahuna Reef
Big Money Deluxe
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlindWrite 6
Bonjour
Bonnie's Bookstore Deluxe
Bookworm Adventures Deluxe
Bookworm Deluxe
Broadcom Gigabit Integrated Controller
Calculator Powertoy for Windows XP
Canopus Codec Option
CBMR 5.0.1
Channel Master
Chuzzle Deluxe
CinemaNow Media Manager
Cisco Network Magic
ClocX (1.5b2)
Collectorz.com Movie Collector
Combined Community Codec Pack 2007-07-22
COMODO Internet Security
ConvertXtoDVD 3.3.2.100
Cool MP3 Splitter 2.2
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - VSTA
Coupon Printer for Windows
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
D'Accord Guitar Chord Dictionary 3.0
D-Link DWA-652 Xtreme N Notebook Adapter
Daniusoft Digital Music Converter(Build 2.4.3.0)
DataMirror Enterprise Administrator
DataMirror Transformation Server Access Control
DataMirror Transformation Server Management Console
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash 2
DirectX 9 Runtime
Disk Investigator 1.4
DivX Codec
Driver Magician 3.5
DriverAgent by eSupport.com
Duplicate File Remover
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVD to iPod Converter 4
DVDFab 6.0.6.0 (04/09/2009)
dvdSanta 4.50
Dynomite Deluxe
EA SPORTS online 2006
Easy File & Folder Protector v4.2
ebgcInfra
ebgcRes
ebgcSDK
emlOpenView 1.6
eWallet 6.1 for BlackBerry
EZ Guitar Tabs
Family Feud
Feeding Frenzy 2 Deluxe
Feeding Frenzy Deluxe
Fences
ffdshow [rev 2583] [2009-01-05]
FileZilla Client 3.2.7.1
Finale NotePad 2004
Firebird SQL Server - MAGIX Edition
FLV Converter 2.5
Folder Marker Home v 3.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
FranklinCovey PlanPlus for Windows
Garmin City Navigator North America NT 2010.10 Update
Garmin City Navigator North America NT 2010.30
Garmin City Navigator North America NT 2010.40
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GCH Guitar academy
Giganews Accelerator
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GSM 1.1.4.2
GST 2.3.8.4
Guitar Chord Buster Pro 4.4.0
Guitar FX BOX 2.6
Guitar Pro 5.2
GuitarCourses.ws Fretboard Trainer 1.0
Haali Media Splitter
Hammer Heads Deluxe
Hauppauge WinTV 7
Heavy Weapon Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB954550-v5)
Hoyle Card Games 2010 (remove only)
IBM iSeries Access for Windows
Iggle Pop Deluxe
ImagXpress
Inpaint
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
InterCall Web Meeting
Internet Transporter - NCP Link
Inzomia Viewer 3.11
IrfanView (remove only)
ISO Recorder
IsoBuster 2.5.5
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java(TM) 6 Update 20
JPG2PDF 2.2
Junk Mail filter update
Kate's Video Converter
LekuSoft Blu ray Ripper 5.50
LightZone 3.7
Line 6 Edit (remove only)
Line 6 Uninstaller
Link Commander
Logitech MouseWare 9.79
Madden NFL 06
Magic Match
MagicDisc 2.7.106
MAGIX Music Maker 15 Premium Download version 15.0.1.8 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Mahjong Escape: Ancient Japan
Malwarebytes' Anti-Malware
MediaSPace
MessageViewer Pro 3.1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chinese TTS 5.1
Microsoft Choice Guard
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
MirrorFolder 4.1.194.18 (Retail)
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.8)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Mummy Maze Deluxe
MusicLab RealGuitar 2.0
Mystery Case Files: Huntsville
Mystery PI
Mystery Solitaire: Secret Island
n-Track Studio 6
NCP Internet Transporter
Nero 7 Ultra Edition
Nero ControlCenter
neroxml
Network Magic
Nevo Audio Splitter 2.1
NewsLeecher v3.9 Final
NingPo MahJong Deluxe
Noah's Ark Deluxe
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
OmniPass 7.00.08
Opera 9.64
OZ776 SCR Driver V1.1.4.204
Pacific Fighters
Paragon Drive Copy™ 9.5 Personal
PartitionMagic
PayPal Plug-In
Pcsx2 0.9.6
Peggle Deluxe
PerfectDisk 10 Professional
PFConfig 1.0.278
PFPortChecker 1.0.32
Photo DVD Maker Professional 8.08
Photo Stamp Remover 2.0
PictureToTV 1.20
Pinnacle Studio LINX
Pixelus Deluxe
PizzaFrenzy
Platypus
PlayStation(R)Network Downloader
PlayStation(R)Store
PolderbitS Sound Recorder and Editor
PowerDVD
PowerDVD Ultra
PowerQuest PartitionMagic 8.0
Privacy Eraser Pro
ProCoder 3
Product Key Explorer 2.4.3
Pure Networks Platform
QBeez 2
QFolder
QuickTime
Radioshack USB-to-Serial cable
RapidShare Manager
RealPlayer
RealUpgrade 1.0
Registry Mechanic 8.0
Replay Media Catcher 3.02
ResumeMaker Ultimate
Revo Uninstaller Pro 2.1.5
Road Runner Install
Road Runner Medic 6.1
Robot/CONSOLE 5
Robot/NETWORK 10
Robot/SCHEDULE 10
Rocket Mania Deluxe
Rollcage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio Venue
Roxio Video Capture USB
RSA SecurID Software Token
Sandlot Games Client Services 1.2.2
SAPI Wrapper
Satellite TV PC Master v6.0
Save Flash 4.1
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Segoe UI
Setup
Seven Seas Deluxe
SharePort Network USB Utility
SigmaTel Audio
SmartSound Quicktracks Plugin
SmartSound Sonicfire Pro 5
SnagIt 8
Sony Media Manager for PSP 3.0
Sony Noise Reduction Plug-In 2.0h
SopCast 3.0.3
SpeakText v20090219
Speed Meter Pro
SpeedFan (remove only)
Spirits of Metropolis v1.10
Spotmau 5.1.2.6407
SRS Audio Sandbox
Studio 8
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Super Collapse 3
Super Internet TV v8.0 (Premium Edition)
SUPERAntiSpyware Professional
System Explorer 1.5
Talismania Deluxe
TeamViewer 5
Text-To-Speech-Runtime
The KMPlayer (remove only)
TipTop Deluxe
Tradewinds Legends
TTS Wrapper
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Turbo Tax Audit Support Center 2.0
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TVUPlayer 2.4.9.1
TWC Customer Controls
Typer Shark Deluxe
U3Launcher
Ubee USB RNDIS and NDIS Driver
UltraISO Premium V9.31
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Veetle TV 0.9.16
Venice Deluxe
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 0.9.4
VPN Client
Water Bugs
WD SmartWare
WebArchivesViewer
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinDirStat 1.1.2
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinX HD Video Converter Deluxe 3.7
WM Recorder 12.1
Wondershare Time Freeze
Word Harmony Deluxe
Xilisoft Video Converter Ultimate 6
Xilisoft Video Cutter
Xvid 1.2.1 final uninstall
Zinio Reader
Zuma Deluxe
==== End Of File ===========================
-
September 8th, 2010, 10:01 PM
#5
I've got the ARK.TXT file, but it's huge
-
September 8th, 2010, 11:31 PM
#6
I need to see the Malwarebytes log.
Regarding GMER...
Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link).
-
September 9th, 2010, 08:24 AM
#7
Thanks, I'll get the log to you this evening.
-
September 9th, 2010, 07:11 PM
#8
OK
-
September 10th, 2010, 11:03 AM
#9
I ran the Malwarebytes scan again and it found nothing. But I will upload a couple of earlier ones.
Last edited by bart2brett; September 10th, 2010 at 11:18 AM.
-
September 10th, 2010, 11:22 AM
#10
-
September 10th, 2010, 05:29 PM
#11
-
September 10th, 2010, 09:07 PM
#12
-
September 10th, 2010, 09:14 PM
#13
Make sure to paste all future logs into your reply.
Download MBRCheck to your desktop
Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
===============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running ComboFix, restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with ComboFix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
September 10th, 2010, 09:29 PM
#14
Combofix.txt was uploaded to filedropper.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000041c
Kernel Drivers (total 182):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80721000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7707000 usbccgp.sys
0xF798B000 \WINDOWS\system32\DRIVERS\USBD.SYS
0xF770F000 usbehci.sys
0xF74D3000 \WINDOWS\system32\DRIVERS\USBPORT.SYS
0xF7717000 usbuhci.sys
0xF7607000 usbhub.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF771F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74B5000 pcmcia.sys
0xF7617000 MountMgr.sys
0xF7496000 ftdisk.sys
0xF7727000 PartMgr.sys
0xF772F000 MirDisk.sys
0xF7627000 VolSnap.sys
0xF747E000 atapi.sys
0xF798D000 d346prt.sys
0xF7466000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7737000 cercsr6.sys
0xF7637000 disk.sys
0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7446000 fltmgr.sys
0xF7434000 sr.sys
0xF7423000 mrfoldr.sys
0xF773F000 HKDirFlt.sys
0xF7657000 PxHelp20.sys
0xF740C000 KSecDD.sys
0xF7884000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7870000 inspect.sys
0xF7843000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF7747000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF798F000 speedfan.sys
0xF774F000 SaibIa32.sys
0xF7667000 SahdIa32.sys
0xBA7E6000 Mup.sys
0xF7757000 hotcore3.sys
0xF7A50000 giveio.sys
0xF775F000 avgrkx86.sys
0xF7677000 AVGIDSEH.Sys
0xBA7D6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9434000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB9430000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8E30000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8E1C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8DF4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8D60000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB942C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA7C6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB93D3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA7B6000 \SystemRoot\System32\Drivers\oz776.sys
0xB9428000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xBA796000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA786000 \SystemRoot\system32\DRIVERS\L8042pr2.Sys
0xBA776000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xB93BB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB93B3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA766000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA716000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA756000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA712000 \??\C:\WINDOWS\system32\drivers\pfc.sys
0xBA746000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8D07000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9835000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8CF6000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0xB8CD8000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB8CC1000 \SystemRoot\System32\Drivers\ezplay.sys
0xF7797000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xB8CAE000 \SystemRoot\System32\Drivers\DlinkUDSMBus.sys
0xB9825000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys
0xF779F000 \SystemRoot\system32\drivers\wowhd_kern_i386.sys
0xB9815000 \SystemRoot\system32\drivers\csiidecoder_kern_i386.sys
0xB9805000 \SystemRoot\system32\drivers\surroundhp_kern_i386.sys
0xB97F5000 \SystemRoot\system32\drivers\tshd4_kern_i386.sys
0xF77A7000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0xB8C8A000 \SystemRoot\system32\drivers\portcls.sys
0xB97E5000 \SystemRoot\system32\drivers\drmk.sys
0xF7ABA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79E1000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF77AF000 \SystemRoot\System32\Drivers\Modem.SYS
0xB97D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA702000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8BD3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB97C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB97B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8BC2000 \SystemRoot\system32\DRIVERS\psched.sys
0xB97A5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76B7000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB8B92000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8B75000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF79E3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8B17000 \SystemRoot\system32\DRIVERS\update.sys
0xBA6E6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8ADC000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA6DE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA6DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF76E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA85A2000 \SystemRoot\system32\drivers\sthda.sys
0xF7577000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xA84CC000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA69D000 \SystemRoot\System32\Drivers\cdrbsvsd.SYS
0xF79F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A8C000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77F7000 \SystemRoot\System32\drivers\vga.sys
0xF79F9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77FF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7807000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9C48000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA843F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA83E6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7547000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA83C0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF780F000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xA8378000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA8328000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7537000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8306000 \SystemRoot\System32\drivers\afd.sys
0xF7527000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7517000 \SystemRoot\System32\Drivers\SaibVd32.sys
0xA82CB000 \??\C:\WINDOWS\system32\Drivers\vmm.sys
0xA82A9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF7817000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA827E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB95C5000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xA820E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA81F8000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0xF7507000 \SystemRoot\System32\Drivers\Fips.SYS
0xA81BC000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xA803B000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA8370000 \SystemRoot\System32\drivers\aspi32.sys
0xB9C4C000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA8572000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8023000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8AC8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77DF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AC0000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7F57000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA7F53000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA7ECE000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xA806A000 \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
0xA7EB6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8062000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xB9C8C000 \SystemRoot\system32\DRIVERS\pnpcap.sys
0xF781F000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA7C37000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA79EF000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xA7855000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xA7831000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA7AA7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA77B2000 \SystemRoot\system32\DRIVERS\srv.sys
0xA762F000 \??\C:\WINDOWS\system32\drivers\supersafer.sys
0xF7995000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA748A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7F93000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9C74000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB9C54000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 46):
0 System Idle Process
4 System
1828 C:\WINDOWS\system32\smss.exe
1796 csrss.exe
256 C:\WINDOWS\system32\winlogon.exe
476 C:\WINDOWS\system32\services.exe
492 C:\WINDOWS\system32\lsass.exe
864 C:\Program Files\Softex\OmniPass\OmniServ.exe
876 C:\WINDOWS\system32\svchost.exe
1108 svchost.exe
1148 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1172 C:\WINDOWS\system32\svchost.exe
1404 C:\WINDOWS\system32\svchost.exe
1976 svchost.exe
2008 svchost.exe
628 C:\WINDOWS\system32\WLTRYSVC.EXE
632 C:\WINDOWS\system32\BCMWLTRY.EXE
776 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1696 C:\WINDOWS\system32\spoolsv.exe
1852 scardsvr.exe
1880 C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
1916 C:\WINDOWS\system32\CTSVCCDA.EXE
1932 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
332 C:\Program Files\Google\Update\GoogleUpdate.exe
1084 C:\Program Files\Java\jre6\bin\jqs.exe
1744 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1736 C:\WINDOWS\system32\mfsyncsv.exe
1836 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
1448 C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
604 C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
804 C:\WINDOWS\system32\svchost.exe
856 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
1524 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2124 C:\Program Files\TeamViewer\Version5\TeamViewer.exe
2156 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
384 alg.exe
308 C:\WINDOWS\explorer.exe
3864 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
2980 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
3220 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3480 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2824 C:\Program Files\MImpPRO\MIProHst.exe
3732 C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
2936 C:\Program Files\Mozilla Firefox\firefox.exe
2752 C:\WINDOWS\system32\notepad.exe
3400 C:\Documents and Settings\Pete\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS721080G9SA00, Rev: MC4OC10H
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 397480E03F82925B9B94EA2A54A75A78E81FD00F
Done!
-
September 10th, 2010, 09:48 PM
#15
Make sure to paste all future logs into your reply.
...