Squamish

  1. Thanks Maniac. Funny thing is TDSSKiller and OTL have completely disappeared from my hard drive! Nothing left but the TDSSKiller quarantine file! Do you think maybe someone is taking a personal interest in my computer LOL?
  2. I have downloaded and run OTL "Quick Scan", with "All Users" checked. Report as follows:

OTL logfile created on: 20/09/2012 10:56:33 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\User1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 65.21% Memory free
3.72 Gb Paging File | 3.25 Gb Available in Paging File | 87.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 78.62 Gb Free Space | 52.75% Space Free | Partition Type: NTFS
Drive E: | 189.91 Gb Total Space | 30.57 Gb Free Space | 16.10% Space Free | Partition Type: NTFS

Computer Name: XPPRO | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 10:52:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2001/08/24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
PRC - [1998/07/23 13:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/01/12 14:45:34 | 000,020,886 | ---- | M] () -- C:\WINDOWS\system32\ddmon.dll
MOD - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
MOD - [2001/08/24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lautdjxa.sys -- (otkt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/20 10:30:54 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{745277F5-29E2-4779-9FCA-8AD5A7193441}\MpKsla9b38e7b.sys -- (MpKsla9b38e7b)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/08 17:04:42 | 000,239,472 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/12/28 02:44:47 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2010/11/16 01:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/09/10 15:58:26 | 000,021,648 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OlyCamComm.sys -- (OlyCamComm)
DRV - [2009/07/28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/07/16 14:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 14:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/02/02 13:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/02 14:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/06 17:06:46 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/06/01 12:41:46 | 000,064,000 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/08/01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vobid.sys -- (VOBID)
DRV - [2001/11/25 02:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB010B.SYS -- (FINEPIX_PCC)
DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/27 11:09:14 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.search.yahoo.com/web/advanced
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes,DefaultScope = Yahoo!
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{CF8FD575-3DCE-4A4C-ADF6-D98EC5C1E6DE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://ca.search.yahoo.com/web/advanced"
FF - prefs.js..extensions.enabledAddons: en-CA@dictionaries.addons.mozilla.org:2.0.5
FF - prefs.js..extensions.enabledAddons: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.5
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.3
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/04/09 23:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/08 15:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/08 15:26:01 | 000,000,000 | ---D | M]

[2009/10/04 17:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2012/09/15 23:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions
[2010/10/21 09:11:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 10:05:37 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2)
[2012/09/15 23:26:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/17 21:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2009/10/08 23:18:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/09 22:47:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2012/07/25 20:41:37 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2009/10/13 10:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions
[2009/10/13 10:57:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/13 10:57:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\sus4ts1i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions
[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/08 23:13:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User1\Application Data\Mozilla\sus4ts1i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/05/04 20:31:43 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\le6pj937.default\searchplugins\MyStart Search.xml
[2012/09/06 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/05 12:11:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/09/06 17:44:51 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/19 19:15:29 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 21:55:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/19 19:15:29 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/19 19:15:29 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/29 21:55:55 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/19 19:15:29 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/20 15:44:34 | 000,434,415 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14977 more lines...
O3 - HKLM\..\Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk = C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe (Corel Corporation Limited)
O4 - Startup: C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Documents and Settings\User1\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1614895754-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1256147026765 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260896473687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - Reg Error: Value error. File not found
O18 - Protocol\Handler\intu-qt2009 - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/01 06:24:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 10:52:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe
[2012/09/20 10:27:22 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\tdsskiller.exe
[2012/09/20 07:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\RK_Quarantine
[2012/09/17 21:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2012/09/17 21:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Graphics Related Programs
[2012/09/17 21:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\NCH Software Suite
[2012/09/17 21:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2012/09/17 21:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\NCH Software
[2012/09/17 21:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2012/09/17 21:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2012/09/17 21:10:41 | 000,734,344 | ---- | C] (NCH Software) -- C:\Documents and Settings\User1\Desktop\doxillionsetup.exe
[2012/09/17 21:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\AGM2012 English w_files
[2012/09/13 19:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/09/13 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/13 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/08 15:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NewBlue
[2012/09/08 15:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/09/08 15:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/09/08 15:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\CyberLink PowerDirector 10
[2012/09/08 14:16:31 | 000,583,544 | ---- | C] (CyberLink) -- C:\Program Files\CyberLink_PowerDirector_Downloader.exe
[2012/09/08 13:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Sony
[2012/09/06 17:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/28 20:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\Suite Walter's
[2012/08/26 12:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Desktop\Vintage JAPAN
[2012/08/22 12:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\My Documents\Suite Walter's Resized
[2012/08/22 11:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Blackberry Desktop
[2012/08/22 11:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\BlackBerry
[2012/07/24 23:02:55 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mseinstall.exe
[2012/03/23 12:59:49 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.ProgramInstallUninstall.FISC.1255963545161770.1.1.Run.exe
[2012/03/23 12:47:54 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MicrosoftFixit.ProgramInstallUninstall.RNP.1255962862156279.1.1.Run.exe
[2012/03/23 12:40:43 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Program Files\cnet_RI11demosetup_exe.exe
[2012/03/23 12:18:33 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Program Files\cnet_InstSocr_exe.exe
[2010/10/24 20:29:35 | 004,285,496 | ---- | C] (Auction Sentry ) -- C:\Program Files\ASDsetup.exe
[2010/09/09 21:05:00 | 641,476,032 | ---- | C] (Corel ) -- C:\Program Files\VSX3_Pro_TBYB.exe
[2009/01/07 03:21:05 | 011,817,800 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\GoogleEarth.exe
[2008/05/02 10:41:48 | 003,493,888 | ---- | C] (SanDisk Corporation) -- C:\Program Files\Launchpad Removal.exe
[2007/12/09 16:00:48 | 000,593,920 | ---- | C] (SanDisk) -- C:\Program Files\PelicanExtension.dll
[2007/10/23 10:33:16 | 002,129,920 | ---- | C] (U3) -- C:\Program Files\LPSecurityExtension.dll
[2007/10/23 10:32:10 | 000,544,768 | ---- | C] (TODO: <Company name>) -- C:\Program Files\SanDiskFormatExtension.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 10:52:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL.exe
[2012/09/20 10:40:14 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/20 10:33:03 | 000,002,661 | ---- | M] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2012/09/20 10:30:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/20 10:30:24 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/09/20 10:30:23 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-2111687655-725345543-500.job
[2012/09/20 10:30:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-2111687655-725345543-1003.job
[2012/09/20 10:30:19 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/20 10:29:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/20 10:27:29 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User1\Desktop\tdsskiller.exe
[2012/09/20 10:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/20 09:05:21 | 000,005,157 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Deer.wpd
[2012/09/20 08:31:33 | 000,003,622 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Rootkit & Trojans.wpd
[2012/09/20 08:01:41 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk
[2012/09/20 07:51:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/09/20 07:37:28 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Rootkit infection RogueKiller Report...
- Malwarebytes Forum.URL [2012/09/20 07:27:13 | 001,382,912 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\RogueKiller.exe [2012/09/17 21:13:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\DoxillionReminder.job [2012/09/17 21:12:12 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job [2012/09/17 21:12:12 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismSevenDays.job [2012/09/17 21:12:09 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk [2012/09/17 21:11:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\PixillionSevenDays.job [2012/09/17 21:11:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\PixillionReminder.job [2012/09/17 21:11:46 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk [2012/09/17 21:11:42 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\SwitchSevenDays.job [2012/09/17 21:11:38 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk [2012/09/17 21:11:02 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk [2012/09/17 21:10:43 | 000,734,344 | ---- | M] (NCH Software) -- C:\Documents and Settings\User1\Desktop\doxillionsetup.exe [2012/09/17 21:02:59 | 000,166,320 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\AGM2012 English w.htm [2012/09/17 20:55:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2012/09/17 20:41:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-2111687655-725345543-1003.job [2012/09/16 21:19:07 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/09/14 19:29:10 | 000,095,220 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2012/09/14 08:50:03 | 000,000,065 | ---- | M] () -- 
C:\Documents and Settings\User1\Desktop\RSOE EDIS - Emergency and Disaster Information Service.URL [2012/09/13 19:06:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/09/13 15:57:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/13 07:13:27 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Weather Forecast Victoria.URL [2012/09/11 20:52:33 | 000,007,528 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\M41 Address.wpd [2012/09/10 11:22:38 | 000,021,007 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Large Vertical Propane Tank.jpg [2012/09/09 09:44:29 | 000,001,082 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\CyberLink PowerDirector 10.lnk [2012/09/09 09:42:29 | 000,420,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/09/08 15:25:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/09/08 14:31:15 | 592,056,056 | ---- | M] () -- C:\Program Files\CyberLink.1703_GM5_Trial_VDE120314-02.exe [2012/09/08 14:16:33 | 000,583,544 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink_PowerDirector_Downloader.exe [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/09/06 21:18:07 | 000,001,070 | ---- | M] () -- C:\WINDOWS\checkip.dat [2012/09/06 21:09:27 | 000,001,211 | ---- | M] () -- C:\WINDOWS\ipconfig.dat [2012/09/06 18:50:44 | 000,017,711 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\boiled Linseed Oil.jpg [2012/09/06 18:49:17 | 000,037,781 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Boiled Linseed Oil.php [2012/09/05 22:32:25 | 000,005,293 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Inventory of Ammunition and Shooting Accessories Received.wpd [2012/09/01 22:22:07 | 000,007,648 | ---- | M] () -- C:\Documents and 
Settings\User1\My Documents\Akro Bin.jpg [2012/08/31 16:36:34 | 001,012,050 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00164.jpg [2012/08/31 16:35:58 | 001,006,720 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00163.jpg [2012/08/31 16:35:44 | 001,261,195 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00162.jpg [2012/08/26 06:37:35 | 000,053,929 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP 1.jpg [2012/08/26 06:37:16 | 000,096,294 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP.jpg [2012/08/25 11:55:18 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Skin Deep® Cosmetics Database Environmental Working Group.URL [2012/08/22 14:34:23 | 000,002,025 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\DFAIT.wpd [2012/08/22 12:20:22 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\BlackBerry Desktop Software.lnk [2012/08/22 11:06:06 | 113,258,446 | ---- | M] () -- C:\Documents and Settings\User1\My Documents\601_b015.zip [2012/08/22 09:00:34 | 047,735,320 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\421_b017_english.exe [2012/08/22 07:22:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-2111687655-725345543-500.job [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/20 08:31:33 | 000,003,622 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Rootkit & Trojans.wpd [2012/09/20 07:51:26 | 000,002,661 | ---- | C] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2012/09/20 07:51:26 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2012/09/20 07:51:26 | 000,002,046 | ---- | C] () 
-- C:\Documents and Settings\User1\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK [2012/09/20 07:51:26 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\User1\Start Menu\Programs\Startup\Corel Print Office Registration.lnk [2012/09/20 07:37:28 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Rootkit infection RogueKiller Report... - Malwarebytes Forum.URL [2012/09/20 07:27:10 | 001,382,912 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\RogueKiller.exe [2012/09/17 21:13:02 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\DoxillionReminder.job [2012/09/17 21:12:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job [2012/09/17 21:12:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\prismSevenDays.job [2012/09/17 21:12:09 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video File Converter.lnk [2012/09/17 21:12:09 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk [2012/09/17 21:11:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\PixillionSevenDays.job [2012/09/17 21:11:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\PixillionReminder.job [2012/09/17 21:11:46 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pixillion Image Converter.lnk [2012/09/17 21:11:46 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk [2012/09/17 21:11:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\SwitchSevenDays.job [2012/09/17 21:11:38 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/09/17 21:11:38 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk [2012/09/17 21:11:02 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Doxillion Document Converter.lnk 
[2012/09/17 21:11:02 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk [2012/09/17 21:02:45 | 000,166,320 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\AGM2012 English w.htm [2012/09/14 08:50:03 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\RSOE EDIS - Emergency and Disaster Information Service.URL [2012/09/13 19:06:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/09/13 07:13:27 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Weather Forecast Victoria.URL [2012/09/11 20:52:33 | 000,007,528 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\M41 Address.wpd [2012/09/10 11:22:36 | 000,021,007 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Large Vertical Propane Tank.jpg [2012/09/08 15:25:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/09/08 15:23:49 | 000,001,082 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\CyberLink PowerDirector 10.lnk [2012/09/08 14:16:59 | 592,056,056 | ---- | C] () -- C:\Program Files\CyberLink.1703_GM5_Trial_VDE120314-02.exe [2012/09/06 21:10:06 | 000,001,070 | ---- | C] () -- C:\WINDOWS\checkip.dat [2012/09/06 21:09:27 | 000,001,211 | ---- | C] () -- C:\WINDOWS\ipconfig.dat [2012/09/06 18:50:43 | 000,017,711 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\boiled Linseed Oil.jpg [2012/09/06 18:48:00 | 000,037,781 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Boiled Linseed Oil.php [2012/09/05 22:10:37 | 000,005,293 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Inventory of Ammunition and Shooting Accessories Received.wpd [2012/09/01 22:22:06 | 000,007,648 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Akro Bin.jpg [2012/08/31 17:02:52 | 001,012,050 | ---- | C] () -- C:\Documents and Settings\User1\My 
Documents\IMG-20120831-00164.jpg [2012/08/31 17:02:46 | 001,006,720 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00163.jpg [2012/08/31 17:02:38 | 001,261,195 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\IMG-20120831-00162.jpg [2012/08/26 06:35:51 | 000,053,929 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP 1.jpg [2012/08/26 06:35:37 | 000,096,294 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\Oil Pump AP.jpg [2012/08/25 11:55:18 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Skin Deep® Cosmetics Database Environmental Working Group.URL [2012/08/22 14:34:23 | 000,002,025 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\DFAIT.wpd [2012/08/22 11:46:20 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\BlackBerry Desktop Software.lnk [2012/08/22 11:03:37 | 113,258,446 | ---- | C] () -- C:\Documents and Settings\User1\My Documents\601_b015.zip [2012/08/22 08:54:58 | 047,735,320 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\421_b017_english.exe [2012/08/17 10:28:24 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\User1\eMailTrackerPro-Path [2012/07/11 11:42:18 | 116,064,632 | ---- | C] () -- C:\Program Files\700_b060_multilanguage.exe [2012/06/28 00:03:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_iclink294.ini [2012/06/28 00:03:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcompbg691.dat [2012/06/27 23:53:44 | 133,949,709 | ---- | C] () -- C:\Program Files\rh40eval_en_20110309.exe [2012/06/13 18:49:20 | 000,095,220 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/06/06 01:36:48 | 002,333,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/04/24 21:59:15 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll [2012/04/12 12:14:36 | 001,919,299 | ---- | C] () -- C:\Program Files\FSCaptureSetup70.exe 
[2012/02/26 20:28:05 | 000,177,345 | ---- | C] () -- C:\WINDOWS\hppins12.dat.temp [2012/02/26 20:28:05 | 000,007,855 | ---- | C] () -- C:\WINDOWS\hppmdl12.dat.temp [2012/02/26 20:27:47 | 000,000,346 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2012/02/15 08:44:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/18 13:25:41 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2011/12/28 19:06:48 | 001,393,664 | ---- | C] () -- C:\Program Files\epson10479.exe [2011/12/28 18:54:25 | 006,278,656 | ---- | C] () -- C:\Program Files\epson10609.exe [2011/09/27 18:03:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll [2011/06/21 09:50:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011/06/20 14:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/06/20 14:41:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/06/20 14:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/06/20 14:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/06/20 14:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\6a1d6xm04q533d3mwwdve2hq [2011/06/18 19:33:52 | 000,017,816 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6a1d6xm04q533d3mwwdve2hq [2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq [2011/06/18 11:48:13 | 000,017,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i6240nq2ooi8p2eb4a6ln2x8ol5t8u41x34rs184ji6e2iq [2011/06/18 11:48:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fcogerezu.dat [2011/06/18 11:48:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ijebite.bin [2011/05/05 16:29:52 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys 
[2011/05/05 16:26:52 | 000,000,665 | ---- | C] () -- C:\WINDOWS\System32\hppapr12.dat [2011/05/05 16:24:22 | 000,176,773 | ---- | C] () -- C:\WINDOWS\hppins12.dat [2011/05/05 16:24:22 | 000,007,855 | ---- | C] () -- C:\WINDOWS\hppmdl12.dat [2011/02/19 11:55:59 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt681x.sys [2011/02/19 11:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI [2011/02/19 11:35:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe [2010/12/28 02:44:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys [2010/12/28 02:44:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe [2010/11/28 13:49:20 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\User1\pool.bin [2010/11/24 16:35:37 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010/11/24 16:35:37 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010/03/26 22:14:04 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat [2009/12/15 13:38:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2009/10/03 08:29:45 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/05/06 15:10:10 | 000,000,009 | ---- | C] () -- C:\Program Files\version.dat [2008/05/04 16:02:26 | 004,603,904 | ---- | C] () -- C:\Program Files\LaunchPad.exe [2007/12/09 16:03:08 | 000,001,901 | ---- | C] () -- C:\Program Files\PelicanExtension.dll.sig [2007/10/23 10:33:18 | 000,001,901 | ---- | C] () -- C:\Program Files\LPSecurityExtension.dll.sig [2007/10/23 10:32:12 | 000,001,901 | ---- | C] () -- C:\Program Files\SanDiskFormatExtension.dll.sig [2007/10/23 09:27:20 | 000,110,592 | ---- | C] () -- C:\Program Files\cleanup.exe [2007/10/23 09:23:10 | 000,109,621 | R--- | C] () -- C:\Program Files\LPHelp-en.chm [2007/10/23 09:23:10 | 000,098,339 | R--- | C] () -- C:\Program Files\LPHelp-de.chm [2007/10/23 
09:23:10 | 000,095,968 | R--- | C] () -- C:\Program Files\LPHelp-fr.chm [2007/10/23 09:23:10 | 000,094,331 | R--- | C] () -- C:\Program Files\LPHelp-it.chm [2007/10/23 09:23:10 | 000,094,194 | R--- | C] () -- C:\Program Files\LPHelp-es.chm [2007/10/23 09:23:10 | 000,090,017 | R--- | C] () -- C:\Program Files\LPHelp-jp.chm [2007/10/23 09:23:10 | 000,088,034 | R--- | C] () -- C:\Program Files\LPHelp-tw.chm [2007/10/23 09:23:10 | 000,078,576 | R--- | C] () -- C:\Program Files\LPHelp-ch.chm [2007/10/23 09:22:58 | 000,058,842 | R--- | C] () -- C:\Program Files\Loading.gif [2007/10/23 09:22:58 | 000,000,328 | R--- | C] () -- C:\Program Files\Loading.htm [2007/10/23 09:22:22 | 000,035,070 | ---- | C] () -- C:\Program Files\PelicanBusy.gif [2007/10/23 09:22:22 | 000,000,082 | ---- | C] () -- C:\Program Files\PelicanBusyPage.htm ========== ZeroAccess Check ========== [2012/07/24 07:55:17 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L\00000004.@ [2009/10/20 18:54:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini ========== LOP Check ========== [2011/12/29 16:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit [2011/06/26 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Qualcomm [2011/12/29 17:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems [2012/09/13 19:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/06/25 19:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aN28601McCcD28601 [2011/06/21 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2009/10/13 11:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland [2009/10/04 17:05:34 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\All Users\Application Data\Canon [2011/01/18 16:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2009/10/05 13:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure [2011/01/18 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure [2009/10/04 02:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg [2010/05/04 20:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2010/05/04 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2011/11/22 23:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2012/01/22 13:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LoanSpread [2012/06/28 00:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel [2011/09/19 16:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS [2012/01/10 19:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2010/11/24 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS [2010/04/07 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle [2012/01/10 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PLAV [2012/08/22 12:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2009/10/04 04:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2011/12/21 12:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\SmartSound Software Inc [2012/09/08 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/04/10 01:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2012/06/05 09:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/04/28 13:36:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4F6F9106-1191-447A-967C-32A982C7AE01} [2011/11/14 11:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PhotoParade [2012/01/18 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AuctionSentry [2012/08/22 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Blackberry Desktop [2009/10/05 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Blitware [2011/03/21 18:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\CoffeeCup Software [2012/04/28 14:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\deskPDF [2012/09/17 20:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\deskUNPDF [2009/10/05 13:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\DriverCure [2012/03/23 12:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ElevatedDiagnostics [2012/01/21 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Felitec [2009/10/17 11:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\FUJIFILM [2010/12/16 18:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\GetRightToGo [2012/01/08 16:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn [2011/10/20 
15:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\IObit [2010/11/24 00:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ParetoLogic [2009/10/03 06:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Qualcomm [2012/07/11 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Research In Motion [2012/09/08 13:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Sony [2010/03/26 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\yoclient ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/02/23 23:39:29 | 000,000,071 | ---- | M] ()(C:\Documents and Settings\User1\Desktop\???????:???.URL) -- C:\Documents and Settings\User1\Desktop\テレビジャパン:番組表.URL [2012/02/23 23:39:29 | 000,000,071 | ---- | C] ()(C:\Documents and Settings\User1\Desktop\???????:???.URL) -- C:\Documents and Settings\User1\Desktop\テレビジャパン:番組表.URL [2011/05/16 20:17:10 | 000,000,066 | ---- | M] ()(C:\Documents and Settings\User1\Desktop\????????~??????????~.URL) -- C:\Documents and Settings\User1\Desktop\てくてく世界旅。~世界一周できるかなぁ~.URL [2011/05/16 20:17:10 | 000,000,066 | ---- | C] ()(C:\Documents and Settings\User1\Desktop\????????~??????????~.URL) -- C:\Documents and Settings\User1\Desktop\てくてく世界旅。~世界一周できるかなぁ~.URL ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB11231$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC < End of report >
  3. Maniac, thank you for the quick reply. I have downloaded TDSSKiller from your link and checked all boxes, rebooted and ran the program. "Cure" was not available as an action, so I selected "Skip" for all problems found. The following is the report generated. It's huge, so I hope this is what you wanted me to post!? Should I proceed with the second step now, or is further work with TDSSKiller required before proceeding? Thank you! Whoops! I can't post the report; I get an error message "post_too_long", so I've cut out most of it.

     10:32:14.0000 3796 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
     10:32:16.0000 3796 ============================================================
     10:32:16.0000 3796 Current date / time: 2012/09/20 10:32:16.0000
     10:32:16.0000 3796 SystemInfo:
     10:32:16.0000 3796
     10:32:16.0000 3796 OS Version: 5.1.2600 ServicePack: 3.0
     10:32:16.0000 3796 Product type: Workstation
     10:32:18.0343 3796 ComputerName: XPPRO
     10:32:18.0343 3796 UserName: User1
     10:32:18.0343 3796 Windows directory: C:\WINDOWS
     10:32:18.0343 3796 System windows directory: C:\WINDOWS
     10:32:18.0343 3796 Processor architecture: Intel x86
     10:32:18.0343 3796 Number of processors: 2
     10:32:18.0343 3796 Page size: 0x1000
     10:32:18.0343 3796 Boot type: Normal boot
     10:32:18.0343 3796 ============================================================
     ....
     10:39:18.0968 2508 ============================================================
     10:39:18.0968 2508 Scan finished
     10:39:18.0968 2508 ============================================================
     10:39:19.0078 2500 Detected object count: 14
     10:39:19.0078 2500 Actual detected object count: 14
     10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0265 2500 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0265 2500 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0265 2500 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0265 2500 GT681x ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0281 2500 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0281 2500 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0281 2500 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 VOBID ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip
     10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
     10:40:16.0296 2500 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
     10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
     10:40:16.0312 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  4. Another program just found a trojan on my system: Win32/Sirefef!cfg. Went to check MWB and found "Malicious Website Blocking" was not enabled and would not enable! Followed the instructions here (same problem with website blocking): http://forums.malwarebytes.org/index.php?showtopic=116008&hl=enable+malicious+website+blocking&fromsearch=1 Downloaded RogueKiller and this is the report; any help appreciated! Thanks in advance.

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User1 [Admin rights]
Mode : Scan -- Date : 09/20/2012 07:29:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\User1\Application Data\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\User1\Application Data\Adobe\shed --> FOUND
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Documents and Settings\User1\Local Settings\Application Data\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Documents and Settings\User1\Local Settings\Application Data\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 76ca9fdc5bea1d66eb6070cba2ced0f2
[bSP] e1415b92bd20d3d312f30e0dd5f81af0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6L200S0 +++++
--- User ---
[MBR] 3dc1645f88e0ccf1c5fa566d2cabc716
[bSP] 1f06f7ef8d5f64f42062d3ce8a8819bf : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194466 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
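A RogueKiller report like the one above is easiest to triage once its detection lines are turned into structured records: which family each hit belongs to, whether it is a registry entry or a folder, and the image or path it names. The parser below is an added example written for this page; it is not RogueKiller's code and not part of the post. The sample report is a constructed excerpt that reuses the report layout and several of the lines quoted above (the `¤¤¤` section markers, the `[tag][tag] detail -> FOUND` line form, the GUID-named folders); the function names are assumptions for the example.

```python
"""Parse RogueKiller-style detection lines into structured findings (added example)."""
import re
from collections import Counter

# Constructed excerpt modelled on the report in the post above (raw string: backslashes are literal).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\User1\Application Data\Adobe\plugs --> FOUND
[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{cdb25c9d-eb84-2cef-321c-6695fcdc3328}\L --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# Section headers sit between ¤¤¤ markers; detection lines end in "-> FOUND" or "--> FOUND".
HEADER_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
FINDING_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*-{1,2}>\s*FOUND\s*$")
TAG_RE = re.compile(r"\[([^\]]*)\]")


def parse_report(text):
    """Return one dict per detection line, tagged with the section it appeared under."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        tags = TAG_RE.findall(m.group(1))
        detail = m.group(2)
        item = {"section": section, "family": tags[0], "tags": tags, "detail": detail}
        if detail.startswith("HK"):
            item["kind"] = "registry"
            # [services] lines carry the driver image path in trailing parentheses
            img = re.search(r"\(([^()]*)\)$", detail)
            if tags[0] == "services" and img:
                item["image"] = img.group(1)
        else:
            item["kind"] = "file"
            # folder lines use a "name : path" layout; keep the path for collection
            item["path"] = detail.split(" : ", 1)[-1]
        findings.append(item)
    return findings


def family_counts(findings):
    """How many hits each family (first tag) produced."""
    return Counter(f["family"] for f in findings)


def file_paths(findings, family=None):
    """Filesystem paths of folder/file findings, optionally limited to one family."""
    return [f["path"] for f in findings
            if f["kind"] == "file" and (family is None or f["family"] == family)]


def declared_infection(text):
    """The family RogueKiller names in its 'Infection :' header, if any."""
    for line in text.splitlines():
        h = HEADER_RE.match(line.strip())
        if h and h.group(1).startswith("Infection :"):
            return h.group(1).split(":", 1)[1].strip()
    return None


def registry_count_matches(text):
    """Cross-check the 'Registry Entries : N' header against the registry lines parsed."""
    declared = None
    for line in text.splitlines():
        h = HEADER_RE.match(line.strip())
        if h:
            m = re.match(r"Registry Entries\s*:\s*(\d+)$", h.group(1))
            if m:
                declared = int(m.group(1))
    actual = sum(1 for f in parse_report(text) if f["kind"] == "registry")
    return declared is not None and declared == actual


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("infection:", declared_infection(SAMPLE_REPORT))
    print("families:", dict(family_counts(found)))
    for p in file_paths(found, "ZeroAccess"):
        print("ZeroAccess folder:", p)
    print("registry count consistent:", registry_count_matches(SAMPLE_REPORT))
```

The count cross-check is there because a report pasted into a forum post is often truncated or mangled by the board's formatting (note how the original post's line breaks were lost); if the declared section count does not match the lines recovered, treat the paste as incomplete rather than as evidence that a hit is absent.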
  5. I thought I-bin-bit was a great package when I first found it. Sure, they copied HijackThis and Index.dat Suite and who knows what else, but it was nice to get all that in one package. If I'd known they were based in China I would never have downloaded the software though, or anything else. As for the poor suckers who would share their names, addresses and credit card or PayPal info with a company in China... you've got to wonder about some people's judgement! One thing I always wondered was why you had to keep downloading new versions and replacing the whole folder instead of just updates like other software has. Does anyone know? Couldn't help wondering if something else was being downloaded as well. The real question of course is why no one in the West has put together that kind of package?