
might be infected



I have been told to post a log in this part of the forum. If you go to the topic I first started, you will see what the problem is. Here is a GMER log, and here is the link to the post I started: http://forums.malwarebytes.org/index.php?showtopic=53923


Hello,

I'm willing to volunteer to help you under these terms:

a) You use adequate and proper punctuation, like periods (.) at the end of each sentence.

b) You have a problem you wish to get help with, and you have to be clear (very clear) and precise with the other person.

c) This is not an informal texting session, like a chat over a cell phone.

d) If you can't do that, that's fine, but I would be out of here.

If you agree,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts.

(Use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.)

3. Start ERUNT.

(either by double-clicking the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup.

(The default location is C:\WINDOWS\ERDNT, which is acceptable.)

5. Make sure that at least the first two check boxes are ticked.

6. Press OK.

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer. From the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

CHECK (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files).

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account (User Profile).

Step 4

Important! => Open Notepad > click on Format > uncheck Word Wrap, if checked. Exit Notepad.

Step 5

Using the Internet Explorer browser only, go to the ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> right-click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized that you should temporarily disable any PC-resident (active) antivirus program prior to any online scan by any online scanner.
      (And promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 6

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of ESET scan log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit, because all the reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
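Step 6 above produces OTL.txt, and the reply further down this thread pastes one. The following is an added example, not code from the original post, the OTL author, or Malwarebytes: a small Python parser for the OTL entry formats that appear in such logs (PRC/MOD/SRV/DRV lines, O2 BHO lines, O4 Run keys and O33 MountPoints2 AutoRun commands), plus a triage pass that pulls out the things a helper reads such a log for first: executables running out of a temp directory, entries whose version info carries no publisher, stale removable-media AutoRun commands, and orphaned BHO registrations. The sample input is a constructed subset of lines copied from the OTL.txt posted in this thread; the regular expressions, field names and the "review"/"info" heuristics are this example's own assumptions, and a hit is a prompt to look closer, not a verdict that the file is malicious.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
PRC - [2010/06/20 23:41:08 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jay\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
DRV - [2010/06/09 21:15:55 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O33 - MountPoints2\{bfa96c14-11bb-11df-b14c-f2ac88c1747f}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
"""

# PRC/MOD/SRV/DRV entries: [timestamp | size | attrs | C/M] (company) [state] -- path -- (name) description
# (regex is an assumption about the OTL layout, derived from the log above).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
# O33 removable-media AutoRun command, optionally flagged by OTL as "File not found".
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?P<missing> -- File not found)?$'
)
# O4 Run-key autostart: [label] command (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# O2 Browser Helper Object: (name) - {CLSID} - target
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")

# Directories from which a running process or service is worth a second look (assumed heuristic).
TEMP_DIR_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    severity: str  # "review" (look at the file) or "info" (leftover, usually harmless)
    line: str
    reason: str


def parse_entry(line: str) -> Optional[dict]:
    """Parse one PRC/MOD/SRV/DRV line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,224,240" -> 224240 bytes
    entry["desc"] = (entry["desc"] or "").strip()
    return entry


def run_entries(log_text: str) -> list[dict]:
    """Return every O4 Run-key autostart as a dict with hive, label, cmd and company."""
    return [m.groupdict() for m in (RUN_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries a helper would inspect first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry:
            path_lower = entry["path"].lower()
            if any(marker in path_lower for marker in TEMP_DIR_MARKERS):
                findings.append(Finding("review", line, f"{entry['kind']} running from a temp directory: {entry['path']}"))
            if entry["company"] == "":
                findings.append(Finding("review", line, f"{entry['kind']} has no publisher in its version info: {entry['path']}"))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m and m.group("missing"):
            findings.append(Finding("info", line, f"stale MountPoints2 AutoRun pointing at missing {m.group('cmd')}"))
            continue
        m = BHO_RE.match(line)
        if m and "No CLSID value found" in m.group("target"):
            findings.append(Finding("info", line, f"orphaned BHO registration {m.group('clsid')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}")
    for r in run_entries(SAMPLE_LOG):
        print(f"[autorun] {r['hive']} {r['label']!r} -> {r['cmd']} ({r['company'] or 'no publisher'})")
```

On the sample above the triage pass returns six findings: three "review" items (the Realtek helper running out of the user's Temp folder, and the iolo service manager twice, once as a process and once as a service, because its version info names no publisher) and three "info" items (two AutoRun commands left behind by removable drives that are no longer present, and the BHO whose CLSID no longer resolves). The "review" items are exactly what the helper would hash and check, not a diagnosis; the "info" items are the kind of leftovers a cleanup script later removes.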


Here are all of the logs, in order, as requested.

ESETSmartInstaller@High as CAB hook log:

Can not create directory.OnlineScanner.ocx - registred OK

OTL logfile created on: 21/06/2010 02:40:56 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\jay\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.65 Gb Total Space | 43.91 Gb Free Space | 63.04% Space Free | Partition Type: NTFS

Drive D: | 69.64 Gb Total Space | 69.55 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JAY-PC

Current User Name: jay

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 02:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe

PRC - [2010/06/20 23:41:08 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jay\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2010/06/14 00:04:50 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe

PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2009/12/21 21:59:47 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/08/17 23:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 08:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

========== Modules (SafeList) ==========

MOD - [2010/06/21 02:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe

MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010/06/09 21:15:55 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2010/06/01 19:00:06 | 000,075,944 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)

DRV - [2010/06/01 19:00:06 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010/06/01 19:00:04 | 000,016,744 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/21 21:59:48 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/12/21 16:44:33 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/09/29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)

DRV - [2009/09/29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)

DRV - [2009/09/29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)

DRV - [2009/09/08 10:40:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2008/11/19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008/11/19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/11/19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/07/11 11:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/03/11 22:02:32 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)

DRV - [2008/02/21 10:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2007/08/24 12:56:36 | 000,057,600 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1027.sys -- (RDID1027)

DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 CE 1A 9A 71 81 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 17:55:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/20 23:40:39 | 000,000,000 | ---D | M]

[2010/05/05 04:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Extensions

[2010/06/21 01:08:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\3gapovgn.default\extensions

[2010/05/12 13:39:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\3gapovgn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/05 05:07:08 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\s971i1lt.default\extensions

[2010/05/05 05:07:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\s971i1lt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/05 04:40:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{bfa96c14-11bb-11df-b14c-f2ac88c1747f}\Shell - "" = AutoRun

O33 - MountPoints2\{bfa96c14-11bb-11df-b14c-f2ac88c1747f}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found

O33 - MountPoints2\{ed8551ac-ece0-11de-8715-e9b16f7a2fd5}\Shell - "" = AutoRun

O33 - MountPoints2\{ed8551ac-ece0-11de-8715-e9b16f7a2fd5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 02:36:51 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe

[2010/06/21 01:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/21 01:26:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\jay\Desktop\ATF-Cleaner.exe

[2010/06/10 00:52:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/06/10 00:52:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/06/10 00:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/08 21:11:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/06/08 21:11:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/08 21:11:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/08 21:11:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/06/08 21:11:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/06/08 21:11:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/06/08 21:11:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/06/08 21:11:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/08 21:11:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/06/08 21:11:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/06/08 21:11:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/06/08 21:11:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/08 21:11:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/06/08 21:11:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/06/08 21:11:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/06/08 21:11:38 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/08 21:11:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/06/08 21:11:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/08 21:11:05 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/07 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\COMODO

[2010/06/07 13:44:53 | 000,000,000 | -H-D | C] -- C:\VritualRoot

[2010/06/07 13:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader

[2010/06/05 23:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2010/06/05 23:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo

[2010/06/01 19:00:52 | 000,278,288 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll

[2010/06/01 19:00:06 | 000,075,944 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2010/06/01 19:00:06 | 000,030,112 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2010/06/01 19:00:04 | 000,224,240 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys

[2010/06/01 19:00:04 | 000,016,744 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

[2010/05/25 18:31:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/05/24 14:44:47 | 000,000,000 | ---D | C] -- C:\iolo

========== Files - Modified Within 30 Days ==========

[2010/06/21 02:45:48 | 001,572,864 | ---- | M] () -- C:\Users\jay\ntuser.dat

[2010/06/21 02:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\jay\Desktop\OTL.exe

[2010/06/21 02:35:37 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2010/06/21 01:40:18 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/21 01:40:17 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/21 01:26:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\jay\Desktop\ATF-Cleaner.exe

[2010/06/21 01:07:33 | 000,002,633 | ---- | M] () -- C:\Users\jay\Desktop\Microsoft Office Outlook 2007.lnk

[2010/06/21 01:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/20 23:48:06 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/20 23:48:06 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/20 23:48:06 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/20 23:40:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/19 02:28:03 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/19 02:28:03 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TM.blf

[2010/06/19 02:27:58 | 002,229,704 | -H-- | M] () -- C:\Users\jay\AppData\Local\IconCache.db

[2010/06/16 21:28:45 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/16 18:09:48 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 17:51:51 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 17:51:51 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TM.blf

[2010/06/16 17:47:24 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 17:47:24 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 17:47:24 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TM.blf

[2010/06/16 17:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 17:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 17:34:34 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TM.blf

[2010/06/15 12:12:44 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/15 11:55:33 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/15 11:55:33 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TM.blf

[2010/06/11 07:17:23 | 000,000,386 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg

[2010/06/11 01:56:35 | 000,000,271 | ---- | M] () -- C:\Windows\SysMech.INI

[2010/06/09 22:13:16 | 000,002,627 | ---- | M] () -- C:\Users\jay\Desktop\Microsoft Office Word 2007.lnk

[2010/06/09 21:15:55 | 000,224,240 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys

[2010/06/08 21:33:22 | 000,371,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/08 21:31:18 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 18:43:54 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 18:43:54 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TM.blf

[2010/06/08 18:41:42 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 14:01:24 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 14:01:24 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TM.blf

[2010/06/08 03:10:03 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/07 18:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/07 18:29:03 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TM.blf

[2010/06/07 13:41:26 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2010/06/07 13:30:54 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/07 13:16:45 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/07 13:16:45 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TM.blf

[2010/06/05 23:48:09 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/05 23:48:09 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/05 23:48:09 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TM.blf

[2010/06/05 23:48:08 | 000,262,144 | ---- | M] () -- C:\ProgramData\NTUSER.dat

[2010/06/05 14:07:08 | 000,001,356 | ---- | M] () -- C:\Users\jay\AppData\Local\d3d9caps.dat

[2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

[2010/06/01 19:00:06 | 000,075,944 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2010/06/01 19:00:06 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2010/06/01 19:00:04 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

[2010/05/29 20:52:52 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/29 20:51:29 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TM.blf

[2010/05/29 20:51:28 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/26 18:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/05/26 15:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/05/25 18:23:58 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/25 18:22:46 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/25 18:22:46 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TM.blf

[2010/05/25 02:51:33 | 000,014,848 | ---- | M] () -- C:\Users\jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/24 16:55:18 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/24 16:53:45 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/24 16:53:45 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TM.blf

[2010/05/23 22:04:33 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/23 22:02:58 | 000,065,536 | -HS- | M] () -- C:\Users\jay\ntuser.dat{a6f2ac52-6393-11df-a2e2-806e6f6e6963}.TM.blf

[2010/05/23 22:02:57 | 000,524,288 | -HS- | M] () -- C:\Users\jay\ntuser.dat{a6f2ac52-6393-11df-a2e2-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

========== Files Created - No Company Name ==========

[2010/06/16 21:28:45 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/16 17:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 17:56:51 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 17:56:51 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3d9c93d1-7967-11df-9597-806e6f6e6963}.TM.blf

[2010/06/16 17:39:24 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 17:39:24 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 17:39:24 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{15f39c40-7960-11df-9841-001d72d31bcd}.TM.blf

[2010/06/16 16:59:45 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 16:59:45 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 16:59:45 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{cca80f31-795f-11df-9bce-806e6f6e6963}.TM.blf

[2010/06/15 11:56:32 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/15 11:56:32 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/15 11:56:32 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4ec553f7-786c-11df-b9e8-806e6f6e6963}.TM.blf

[2010/06/08 20:49:11 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 20:49:11 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 20:49:11 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{2df66a6f-7325-11df-8861-806e6f6e6963}.TM.blf

[2010/06/08 14:02:25 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/08 14:02:25 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/08 14:02:25 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{b52fe7ef-72fd-11df-99ee-806e6f6e6963}.TM.blf

[2010/06/07 19:09:15 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/07 19:09:15 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/07 19:09:15 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{eeaf176f-7259-11df-a3b2-806e6f6e6963}.TM.blf

[2010/06/07 13:44:03 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2010/06/07 13:41:26 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2010/06/07 13:18:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/07 13:18:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/07 13:18:18 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4b999b33-722e-11df-8de0-806e6f6e6963}.TM.blf

[2010/06/05 23:48:08 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TMContainer00000000000000000002.regtrans-ms

[2010/06/05 23:48:08 | 000,524,288 | -HS- | C] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TMContainer00000000000000000001.regtrans-ms

[2010/06/05 23:48:08 | 000,262,144 | ---- | C] () -- C:\ProgramData\NTUSER.dat

[2010/06/05 23:48:08 | 000,065,536 | -HS- | C] () -- C:\ProgramData\NTUSER.dat{f0fb24e9-70f1-11df-94db-001d72d31bcd}.TM.blf

[2010/06/05 23:48:08 | 000,005,120 | -H-- | C] () -- C:\ProgramData\NTUSER.dat.LOG1

[2010/06/05 23:48:08 | 000,000,000 | -H-- | C] () -- C:\ProgramData\NTUSER.dat.LOG2

[2010/05/29 20:52:51 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/29 20:52:51 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/29 20:52:51 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{5215cb79-6b5b-11df-81fb-806e6f6e6963}.TM.blf

[2010/05/25 18:23:57 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/25 18:23:57 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/25 18:23:57 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{e3a48733-6821-11df-8508-806e6f6e6963}.TM.blf

[2010/05/24 16:55:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/24 16:55:18 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/24 16:55:18 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{3ca44d14-674c-11df-a060-806e6f6e6963}.TM.blf

[2010/05/23 22:04:33 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/05/23 22:04:33 | 000,524,288 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/05/23 22:04:33 | 000,065,536 | -HS- | C] () -- C:\Users\Jay\ntuser.dat{4aa5f1f5-66ae-11df-aac5-806e6f6e6963}.TM.blf

[2010/01/19 00:24:15 | 000,000,271 | ---- | C] () -- C:\Windows\SysMech.INI

[2010/01/18 23:49:28 | 002,316,712 | ---- | C] () -- C:\Windows\System32\Incinerator.dll

[2010/01/04 13:11:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1027.dll

[2009/12/21 22:01:32 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2009/12/20 15:51:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/12/20 03:52:33 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/07/11 11:38:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/05/05 05:09:42 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\iolo

[2010/02/04 19:53:03 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\LG Electronics

[2009/12/31 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Propellerhead Software

[2010/06/19 02:28:05 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010/05/24 17:33:45 | 000,000,000 | ---D | M](C:\Users\jay\Documents\my rns song files?) -- C:\Users\jay\Documents\my rns song files

[2009/12/31 23:05:36 | 000,000,000 | ---D | C](C:\Users\jay\Documents\my rns song files?) -- C:\Users\jay\Documents\my rns song files

< End of report >

OTL Extras logfile created on: 21/06/2010 02:40:56 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\jay\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.65 Gb Total Space | 43.91 Gb Free Space | 63.04% Space Free | Partition Type: NTFS

Drive D: | 69.64 Gb Total Space | 69.55 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JAY-PC

Current User Name: jay

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{53A5E599-71A1-4A6D-9EE9-0EFF0E753953}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{710BD920-D49D-4865-9E65-8B775E73359E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76863DAF-765C-4D39-8DCE-7F250B3B4790}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{699B0675-808F-4CA6-9A61-1615E80795CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver

"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel® Graphics Media Accelerator Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Reason4_is1" = Reason 4.0.1

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 18/06/2010 21:27:57 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 20/06/2010 18:40:27 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3038

Description =

Error - 20/06/2010 18:40:31 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 20/06/2010 18:40:31 | Computer Name = jay-PC | Source = Windows Search Service | ID = 3058

Description =

[ OSession Events ]

Error - 25/04/2010 13:58:00 | Computer Name = jay-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 246

seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 29/01/2010 03:21:18 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/01/2010 12:11:16 | Computer Name = jay-PC | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

Error - 29/01/2010 12:12:39 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/01/2010 20:13:08 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/01/2010 20:13:08 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 29/01/2010 20:13:08 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 29/01/2010 20:26:57 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/01/2010 20:26:57 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 29/01/2010 20:26:57 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 29/01/2010 20:38:22 | Computer Name = jay-PC | Source = Service Control Manager | ID = 7000

Description =


Results of screen317's Security Check version 0.99.4

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

iolo technologies' System Mechanic

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.1.53.64

Mozilla Firefox (3.6.3)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

iolo common lib ioloServiceManager.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

Using the Internet Explorer browser only, go to the ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized that you temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner.
      (And promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

You have GMER from before.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

RIGHT-click gmer.exe and select Run As Administrator to start. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.

Reply with copy of the Eset scan log

and the Gmer log

and tell me, How is your system now?

Link to post
Share on other sites

Instead of attaching the logs, open each one (in turn) on your system, using NOTEPAD.

Select all lines & Copy (CTRL+A, CTRL+C), then paste into a reply text-box.

Do both and post reply.

I cannot download your logs otherwise.

Always, copy contents of logs/reports and Paste in-line.

Thanks

Link to post
Share on other sites

Sorry about that, here they are.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-22 01:19:38

Windows 6.0.6002 Service Pack 2

Running: xm09iw0i.exe; Driver: C:\Users\jay\AppData\Local\Temp\kfldypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 3

Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlKBytes 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@CrawlType 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@InProgress 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@DoneAddingCrawlSeeds 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl0.gthr

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@CheckPoint 0x66 0x82 0x00 0x00 ...

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@IsCatalogLevel 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@LogStartAddId 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\1@InProgress 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\1@DoneAddingCrawlSeeds 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\1@LogStartAddId -1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberInProgress 0

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberScheduled 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlType 0

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

There's not much here in the ESET log. If you are sure you got all of it, then OK. But if the log has more, see if you can get all of the ESET log.txt.

In any event, run this tool

Please download >> DrWeb-CureIt << and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Link to post
Share on other sites

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • RIGHT click on Combo-Fix.exe and select Run As Administrator & follow the prompts.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt

Link to post
Share on other sites

Gonna do the scan now, but at about 3 this morning in the UK I started to get Windows error reports saying COM Surrogate had stopped working and that DEP stopped it to help prevent data loss, and so I rebooted my computer as I was getting loads of them. Then a Comodo Firewall pop-up appeared on my screen saying cmd.exe is in the sandbox and that it was trying to connect to the internet to destination IP 224.0.0.22. Could you tell me if that IP is bad? I have blocked it, and then I just blocked cmd.exe, the whole thing. If you could advise on this it would really help. Thanks.

Link to post
Share on other sites

Unblock what you have blocked. If needed, disable your Comodo & just be sure the Windows firewall is on.

Also as alternate, use another pc to download Combofix.exe then copy to the desktop of this system.

It is VERY tough to understand you when you do not use some punctuation and break up (demark) your sentences.

Can you help in that?

I won't be able to check on you until much later this evening (my time).

Link to post
Share on other sites
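The question two posts up asks whether 224.0.0.22 is a "bad" address. As an added illustration (not part of the thread, and not code from Comodo or any tool named here), the Python snippet below classifies the destination of a firewall alert with the standard library's ipaddress module plus a short table of well-known IPv4 multicast groups. The alert-line wording is a constructed assumption for the example, not real Comodo output. 224.0.0.22 is the group that IGMP membership reports are sent to; multicast traffic stays on the local network segment, so an alert naming it is not evidence of a connection to a remote host, which matches the advice above to unblock it.

```python
import ipaddress
import re

# Constructed alert lines modelled loosely on the pop-up described in the thread.
# The exact wording is an assumption for this example, not real Comodo output.
SAMPLE_ALERTS = [
    "cmd.exe is trying to connect to 224.0.0.22",
    "svchost.exe is trying to connect to 239.255.255.250",
    "explorer.exe is trying to connect to 192.168.1.1",
    "firefox.exe is trying to connect to 1.2.3.4",
]

# A few well-known IPv4 multicast groups (IANA multicast registry).
# 224.0.0.22 is the destination of IGMPv3 membership reports.
WELL_KNOWN_MULTICAST = {
    "224.0.0.1": "all hosts on this subnet",
    "224.0.0.2": "all routers on this subnet",
    "224.0.0.22": "IGMP membership reports (all IGMPv3-capable routers)",
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR",
    "239.255.255.250": "SSDP / UPnP device discovery",
}

# Regex for the constructed alert format above.
ALERT_RE = re.compile(r"^(?P<process>\S+) is trying to connect to (?P<ip>[\d.]+)$")


def classify_destination(ip_text):
    """Return (category, note) describing what kind of address the destination is."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_multicast:
        note = WELL_KNOWN_MULTICAST.get(str(ip), "multicast group not in the short table above")
        return "multicast", note + "; stays on the local network segment"
    if ip.is_loopback:
        return "loopback", "this machine talking to itself"
    if ip.is_link_local:
        return "link-local", "same LAN segment only"
    if ip.is_private:
        return "private", "address inside the local network (or an IANA special-purpose range)"
    if ip.is_global:
        return "public", "routable Internet address; worth checking which process and which host"
    return "reserved", "reserved or unassigned range"


def triage_alerts(lines):
    """Parse alert lines and attach a destination category to each one."""
    results = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # skip anything that does not look like an alert line
        category, note = classify_destination(m.group("ip"))
        results.append((m.group("process"), m.group("ip"), category, note))
    return results


if __name__ == "__main__":
    for process, ip, category, note in triage_alerts(SAMPLE_ALERTS):
        print(f"{process:14} -> {ip:16} {category:10} {note}")
```

The classification only says what the destination is; it says nothing about the process the firewall attributed the traffic to. A multicast or private destination removes the "talking to a remote host" worry, while a public destination is the case where the process name and the remote host deserve a closer look.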

Sorry if you find me hard to understand. So that IP address is a safe IP then, so I can unblock cmd.exe connecting to that IP? Also, I have found the Dr.Web CureIt log, but when I do the copy and paste into my reply it will not do it. Can I zip it and then upload it that way? I tried to run ComboFix but I just get the bar after I have clicked on the exe, and then nothing happens. What can I do?

Link to post
Share on other sites

  • Please RIGHT-click OTL.exe and choose Run As Administrator to start it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfa96c14-11bb-11df-b14c-f2ac88c1747f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed8551ac-ece0-11de-8715-e9b16f7a2fd5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Please download Rooter.exe and save to your desktop.

alternate download link

  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.

Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Step 3

a) Tell me when & why you added Symantec Endpoint security?

b) This still has Comodo.

Reply with copy of OTL MovedFiles from above

and copy of Rooter log

and answer to my questions.

Jay, if I may re-emphasize: as you type, put a PERIOD at the end of each sentence and tap the Enter key.

Like this.

Can you do that?

You don't gotta put everything slam-bam all together like this where it is difficult to understand know what i mean

I am not seeing malware left.

Link to post
Share on other sites

Here is the Rooter log.

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows Vista . (6.0.6002) Service Pack 2

[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Disabled !

Windows Defender -> Disabled !

User Account Control (UAC) -> Enabled

.

Internet Explorer 8.0.6001.18928

Mozilla Firefox 3.6.4 (en-GB)

.

C:\ [Fixed-NTFS] .. ( Total:69 Go - Free:43 Go )

D:\ [Fixed-NTFS] .. ( Total:69 Go - Free:69 Go )

E:\ [CD_Rom]

.

Scan : 22:49.30

Path : C:\Users\jay\Desktop\Rooter.exe

User : jay ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ \SystemRoot\System32\smss.exe (528)

______ C:\Windows\system32\csrss.exe (612)

______ C:\Windows\system32\wininit.exe (656)

______ C:\Windows\system32\csrss.exe (668)

______ C:\Windows\system32\services.exe (700)

______ C:\Windows\system32\lsass.exe (712)

______ C:\Windows\system32\lsm.exe (720)

______ C:\Windows\system32\winlogon.exe (848)

______ C:\Windows\system32\svchost.exe (936)

______ C:\Windows\system32\svchost.exe (996)

______ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (1036)

______ C:\Windows\system32\svchost.exe (1112)

______ C:\Windows\System32\svchost.exe (1244)

______ C:\Windows\System32\svchost.exe (1268)

______ C:\Windows\system32\svchost.exe (1280)

Locked audiodg.exe (1360)

______ C:\Windows\system32\svchost.exe (1388)

______ C:\Windows\system32\SLsvc.exe (1436)

______ C:\Windows\system32\svchost.exe (1476)

______ C:\Windows\System32\spoolsv.exe (1852)

______ C:\Windows\system32\svchost.exe (1876)

______ C:\Program Files\iolo\common\lib\ioloServiceManager.exe (324)

______ C:\Windows\system32\svchost.exe (944)

______ C:\Windows\system32\svchost.exe (1348)

______ C:\Windows\System32\svchost.exe (2204)

______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2312)

______ C:\Windows\system32\SearchIndexer.exe (2336)

______ C:\Windows\system32\taskeng.exe (2520)

______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2680)

______ C:\Windows\system32\taskeng.exe (2956)

______ C:\Windows\system32\Dwm.exe (2976)

______ C:\Windows\Explorer.EXE (3060)

______ C:\Windows\System32\hkcmd.exe (3340)

______ C:\Windows\System32\igfxpers.exe (3360)

______ C:\Windows\system32\igfxsrvc.exe (3480)

______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3584)

______ C:\Program Files\Windows Media Player\wmpnetwk.exe (3636)

______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3748)

______ C:\Windows\RtHDVCpl.exe (3756)

______ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (3780)

______ C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (3796)

______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3804)

______ C:\Users\jay\AppData\Local\Temp\RtkBtMnt.exe (3892)

______ C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (3328)

______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3864)

______ C:\Windows\servicing\TrustedInstaller.exe (3420)

______ C:\Windows\system32\SearchProtocolHost.exe (2600)

______ C:\Windows\system32\DllHost.exe (2060)

______ C:\Windows\system32\DllHost.exe (3556)

______ C:\Users\jay\Desktop\Rooter.exe (1768)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:10485760000)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10486808576 | Length:74781294592)

\Device\Harddisk0\Partition3 (Start_Offset:85268103168 | Length:74771857408)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 22:49.31

.

C:\Rooter$\Rooter_2.txt - (24/06/2010 | 22:49.31)

Link to post
Share on other sites

Dr.Web Cure-It did not tag anything, and neither did Combofix. No malware found to this point.

Do these things. First, make sure to close and save any documents you have open. Close programs that you started.

Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 2

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.

Do a "Scan and Save log".

Step 3

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.

Step 4

Reply with copy of HijackThis log

and Checkup.txt

Link to post
Share on other sites

This topic is now closed to further replies.