MBAM Runtime error 372 - help please

[steve jones]

New TDSSKiller log below - note this was produced before reboot, because I don't seem to get a proper reboot and no option to produce a log after reboot. TDSSKiller doesn't appear to be deleting the suspicious object though because it's been run at least 3 times and rebooted...

2010/11/16 04:01:26.0790 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/16 04:01:26.0790 ================================================================================

2010/11/16 04:01:26.0790 SystemInfo:

2010/11/16 04:01:26.0790

2010/11/16 04:01:26.0790 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/16 04:01:26.0790 Product type: Workstation

2010/11/16 04:01:26.0790 ComputerName: WILL-88D4C38501

2010/11/16 04:01:26.0790 UserName: user

2010/11/16 04:01:26.0790 Windows directory: C:\WINDOWS

2010/11/16 04:01:26.0790 System windows directory: C:\WINDOWS

2010/11/16 04:01:26.0790 Processor architecture: Intel x86

2010/11/16 04:01:26.0790 Number of processors: 1

2010/11/16 04:01:26.0790 Page size: 0x1000

2010/11/16 04:01:26.0790 Boot type: Normal boot

2010/11/16 04:01:26.0790 ================================================================================

2010/11/16 04:01:27.0311 Initialize success

2010/11/16 04:01:49.0343 ================================================================================

2010/11/16 04:01:49.0343 Scan started

2010/11/16 04:01:49.0343 Mode: Manual;

2010/11/16 04:01:49.0343 ================================================================================

2010/11/16 04:01:51.0526 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2010/11/16 04:01:51.0837 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/16 04:01:52.0027 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/11/16 04:01:52.0377 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/16 04:01:52.0568 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/16 04:01:52.0968 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/11/16 04:01:53.0259 ALCXWDM (098a05b3dafb1244ada120b80758bda5) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/11/16 04:01:53.0499 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys

2010/11/16 04:01:53.0709 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/11/16 04:01:53.0869 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/11/16 04:01:54.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/16 04:01:54.0611 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/11/16 04:01:54.0831 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/16 04:01:54.0911 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/16 04:01:55.0281 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/16 04:01:55.0482 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/16 04:01:55.0702 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/16 04:01:55.0902 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2010/11/16 04:01:56.0253 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys

2010/11/16 04:01:56.0473 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys

2010/11/16 04:01:56.0683 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys

2010/11/16 04:01:56.0904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/16 04:01:57.0054 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2010/11/16 04:01:57.0294 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys

2010/11/16 04:01:57.0495 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2010/11/16 04:01:57.0705 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2010/11/16 04:01:57.0895 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2010/11/16 04:01:57.0985 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

2010/11/16 04:01:58.0306 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

2010/11/16 04:01:58.0526 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/16 04:01:58.0736 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/16 04:01:58.0967 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/16 04:01:59.0197 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/16 04:01:59.0397 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/16 04:01:59.0778 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/11/16 04:01:59.0908 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/11/16 04:02:00.0379 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/16 04:02:00.0619 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/16 04:02:00.0809 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/11/16 04:02:00.0930 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/16 04:02:01.0170 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/16 04:02:01.0360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/16 04:02:01.0651 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/16 04:02:01.0901 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/16 04:02:02.0211 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/11/16 04:02:02.0482 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/16 04:02:02.0682 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/11/16 04:02:02.0872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/16 04:02:02.0993 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/16 04:02:03.0193 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/16 04:02:03.0373 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/16 04:02:03.0623 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys

2010/11/16 04:02:03.0864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/16 04:02:04.0114 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/16 04:02:04.0284 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/16 04:02:04.0475 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/16 04:02:04.0675 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/16 04:02:04.0985 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/16 04:02:05.0216 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/16 04:02:05.0476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/16 04:02:05.0676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/16 04:02:05.0867 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/16 04:02:05.0947 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/16 04:02:06.0227 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/16 04:02:06.0427 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/16 04:02:06.0618 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/16 04:02:06.0818 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/16 04:02:07.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/16 04:02:07.0159 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/16 04:02:07.0309 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/16 04:02:07.0529 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/16 04:02:07.0890 LEX_AS_NIC_SERVICE_YNOS (dd8bcb380aa2a8bca9fd613e3e2c23c0) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys

2010/11/16 04:02:08.0180 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/11/16 04:02:08.0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/16 04:02:08.0521 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/16 04:02:08.0691 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/16 04:02:08.0791 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/16 04:02:09.0011 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/16 04:02:09.0171 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/16 04:02:09.0402 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/16 04:02:09.0642 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2010/11/16 04:02:09.0732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/16 04:02:09.0953 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/16 04:02:10.0033 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/16 04:02:10.0263 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/16 04:02:10.0353 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/16 04:02:10.0553 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/16 04:02:10.0634 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/16 04:02:10.0864 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/16 04:02:11.0114 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/16 04:02:11.0325 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

2010/11/16 04:02:11.0545 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/16 04:02:11.0595 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/16 04:02:11.0685 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/16 04:02:11.0855 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/16 04:02:11.0925 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/16 04:02:12.0176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/16 04:02:12.0276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/16 04:02:12.0516 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/16 04:02:12.0606 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/16 04:02:12.0847 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/16 04:02:13.0117 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/16 04:02:13.0438 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/16 04:02:13.0598 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/16 04:02:13.0708 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/11/16 04:02:13.0888 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/11/16 04:02:13.0958 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/11/16 04:02:14.0209 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2010/11/16 04:02:14.0409 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/16 04:02:14.0479 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/16 04:02:14.0689 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/16 04:02:14.0800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/16 04:02:14.0990 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/16 04:02:15.0180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/11/16 04:02:15.0791 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/16 04:02:16.0011 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/16 04:02:16.0111 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/16 04:02:16.0542 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/16 04:02:16.0662 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/16 04:02:16.0883 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/16 04:02:17.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/16 04:02:17.0243 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/16 04:02:17.0433 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/16 04:02:17.0574 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/16 04:02:17.0794 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/16 04:02:17.0994 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/16 04:02:18.0104 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2010/11/16 04:02:18.0335 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/11/16 04:02:18.0585 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys

2010/11/16 04:02:18.0805 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys

2010/11/16 04:02:19.0016 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys

2010/11/16 04:02:19.0286 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/16 04:02:19.0496 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/11/16 04:02:19.0596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/16 04:02:19.0867 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/16 04:02:20.0117 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys

2010/11/16 04:02:20.0368 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/16 04:02:20.0598 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/16 04:02:20.0828 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/16 04:02:21.0099 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/16 04:02:21.0319 STVqx3 (65ba7d9daca76f67bb5a62f3570c5fe5) C:\WINDOWS\system32\drivers\STVqx3.sys

2010/11/16 04:02:21.0509 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/16 04:02:21.0689 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/16 04:02:22.0130 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/16 04:02:22.0400 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/16 04:02:22.0641 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/16 04:02:22.0811 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/16 04:02:22.0891 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/16 04:02:23.0121 tifmsony (1a406b0a846fe7250e16e05813aef849) C:\WINDOWS\system32\drivers\tifmsony.sys

2010/11/16 04:02:23.0412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/16 04:02:23.0682 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/16 04:02:23.0923 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/16 04:02:24.0163 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/16 04:02:24.0363 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/16 04:02:24.0483 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/16 04:02:24.0694 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/11/16 04:02:24.0784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/16 04:02:24.0974 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/16 04:02:25.0194 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/16 04:02:25.0335 Suspicious service (NoAccess): vbmaf096

2010/11/16 04:02:25.0485 vbmaf096 - detected Locked service (1)

2010/11/16 04:02:25.0595 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/16 04:02:25.0855 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/16 04:02:26.0096 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/16 04:02:26.0226 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/16 04:02:26.0576 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/16 04:02:26.0707 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/16 04:02:26.0907 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/16 04:02:27.0117 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/16 04:02:27.0638 ================================================================================

2010/11/16 04:02:27.0638 Scan finished

2010/11/16 04:02:27.0638 ================================================================================

2010/11/16 04:02:27.0678 Detected object count: 1

2010/11/16 04:02:45.0744 HKLM\SYSTEM\ControlSet003\services\vbmaf096 - will be deleted after reboot

2010/11/16 04:02:45.0774 C:\WINDOWS\system32\drivers\vbmaf096.sys - will be deleted after reboot

2010/11/16 04:02:45.0774 Locked service(vbmaf096) - User select action: Delete

[LDTate]

Insert you Windows CD and start from the CD to start the recovery console

I think you select Repair Options

You want the command prompt

At the command prompt type CD\ tap enter.

You want to be at C:\ or C:\windows

Type in: del C:\WINDOWS\system32\drivers\vbmaf096.sys tap enter

Type in Exit and reboot.

[steve jones]

Sadly the CD writer has never worked since we got the laptop - we use a USB external writer. The only CD I have is for XP Home - not XP Pro, but assumedly that would have worked if I could run it? Also there is no BIOS option to boot from a USB device - so I can't start Recovery console. I think the USB HDD caddy is the only option to allow me to make progress?

[LDTate]

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: * files

Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\services\vbmaf096]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\vbmaf096]

Save this as fixme.reg Choose to save as *all files and place it on your desktop.

It should look like this:

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and "copy/paste" a new TDSSKiller log file into this thread.

Also please describe how your computer behaves at the moment.

[steve jones]

The registry fix ran ok and attached is the TDSS Killer log. I am now rebooting the PC and will re-run TDSSKiller to see if the files have been deleted.

THhe laptop is running exactly as before - very very slowly, no taskbar, no copy/paste.

2010/11/17 16:02:26.0509 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/17 16:02:26.0509 ================================================================================

2010/11/17 16:02:26.0509 SystemInfo:

2010/11/17 16:02:26.0509

2010/11/17 16:02:26.0509 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/17 16:02:26.0509 Product type: Workstation

2010/11/17 16:02:26.0509 ComputerName: WILL-88D4C38501

2010/11/17 16:02:26.0509 UserName: user

2010/11/17 16:02:26.0509 Windows directory: C:\WINDOWS

2010/11/17 16:02:26.0509 System windows directory: C:\WINDOWS

2010/11/17 16:02:26.0509 Processor architecture: Intel x86

2010/11/17 16:02:26.0509 Number of processors: 1

2010/11/17 16:02:26.0509 Page size: 0x1000

2010/11/17 16:02:26.0509 Boot type: Normal boot

2010/11/17 16:02:26.0509 ================================================================================

2010/11/17 16:02:27.0110 Initialize success

2010/11/17 16:02:33.0309 ================================================================================

2010/11/17 16:02:33.0309 Scan started

2010/11/17 16:02:33.0309 Mode: Manual;

2010/11/17 16:02:33.0309 ================================================================================

2010/11/17 16:02:35.0612 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2010/11/17 16:02:35.0902 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/17 16:02:36.0083 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/11/17 16:02:36.0373 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/17 16:02:36.0553 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/17 16:02:36.0954 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/11/17 16:02:37.0204 ALCXWDM (098a05b3dafb1244ada120b80758bda5) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/11/17 16:02:37.0425 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys

2010/11/17 16:02:37.0635 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/11/17 16:02:37.0765 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/11/17 16:02:37.0985 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/17 16:02:38.0446 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/11/17 16:02:38.0646 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/17 16:02:38.0757 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/17 16:02:39.0067 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/17 16:02:39.0277 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/17 16:02:39.0478 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/17 16:02:39.0658 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2010/11/17 16:02:39.0998 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys

2010/11/17 16:02:40.0259 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys

2010/11/17 16:02:40.0329 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys

2010/11/17 16:02:40.0519 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/17 16:02:40.0659 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2010/11/17 16:02:40.0880 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys

2010/11/17 16:02:41.0070 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2010/11/17 16:02:41.0280 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2010/11/17 16:02:41.0471 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2010/11/17 16:02:41.0561 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

2010/11/17 16:02:41.0891 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

2010/11/17 16:02:42.0071 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/17 16:02:42.0272 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/17 16:02:42.0482 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/17 16:02:42.0672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/17 16:02:42.0883 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/17 16:02:43.0223 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/11/17 16:02:43.0343 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/11/17 16:02:43.0734 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/17 16:02:44.0034 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/17 16:02:44.0244 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/11/17 16:02:44.0345 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/17 16:02:44.0545 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/17 16:02:44.0665 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/17 16:02:44.0966 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/17 16:02:45.0266 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/17 16:02:45.0456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/11/17 16:02:45.0757 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/17 16:02:45.0957 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/11/17 16:02:46.0137 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/17 16:02:46.0327 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/17 16:02:46.0438 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/17 16:02:46.0618 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/17 16:02:46.0898 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys

2010/11/17 16:02:47.0139 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/17 16:02:47.0399 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/17 16:02:47.0559 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/17 16:02:47.0629 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/17 16:02:47.0860 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/17 16:02:48.0190 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/17 16:02:48.0390 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/17 16:02:48.0621 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/17 16:02:48.0861 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/17 16:02:49.0021 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/17 16:02:49.0111 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/17 16:02:49.0302 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/17 16:02:49.0502 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/17 16:02:49.0692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/17 16:02:49.0893 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/17 16:02:50.0153 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/17 16:02:50.0333 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/17 16:02:50.0473 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/17 16:02:50.0674 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/17 16:02:51.0054 LEX_AS_NIC_SERVICE_YNOS (dd8bcb380aa2a8bca9fd613e3e2c23c0) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys

2010/11/17 16:02:51.0285 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/11/17 16:02:51.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/17 16:02:51.0625 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/17 16:02:51.0855 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/17 16:02:51.0936 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/17 16:02:52.0136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/17 16:02:52.0276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/17 16:02:52.0486 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/17 16:02:52.0737 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2010/11/17 16:02:52.0817 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/17 16:02:53.0027 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/17 16:02:53.0087 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/17 16:02:53.0267 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/17 16:02:53.0358 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/17 16:02:53.0538 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/17 16:02:53.0628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/17 16:02:53.0848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/17 16:02:54.0089 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/17 16:02:54.0259 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

2010/11/17 16:02:54.0469 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/17 16:02:54.0529 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/17 16:02:54.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/17 16:02:55.0010 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/17 16:02:55.0260 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/17 16:02:55.0441 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/17 16:02:55.0521 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/17 16:02:55.0771 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/17 16:02:55.0951 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/17 16:02:56.0061 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/17 16:02:56.0302 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/17 16:02:56.0422 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/17 16:02:56.0592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/17 16:02:56.0712 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/11/17 16:02:56.0923 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/11/17 16:02:57.0113 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/11/17 16:02:57.0243 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2010/11/17 16:02:57.0443 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/17 16:02:57.0514 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/17 16:02:57.0714 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/17 16:02:57.0804 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/17 16:02:57.0994 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/17 16:02:58.0175 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/11/17 16:02:58.0835 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/17 16:02:59.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/17 16:02:59.0146 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/17 16:02:59.0536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/17 16:02:59.0637 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/17 16:02:59.0927 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/17 16:03:00.0107 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/17 16:03:00.0237 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/17 16:03:00.0418 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/17 16:03:00.0548 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/17 16:03:00.0768 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/17 16:03:00.0969 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/17 16:03:01.0169 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2010/11/17 16:03:01.0359 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/11/17 16:03:01.0609 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys

2010/11/17 16:03:01.0890 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys

2010/11/17 16:03:02.0080 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys

2010/11/17 16:03:02.0320 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/17 16:03:02.0511 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/11/17 16:03:02.0611 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/17 16:03:02.0921 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/17 16:03:03.0142 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys

2010/11/17 16:03:03.0292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/17 16:03:03.0502 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/17 16:03:03.0702 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/17 16:03:04.0013 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/17 16:03:04.0253 STVqx3 (65ba7d9daca76f67bb5a62f3570c5fe5) C:\WINDOWS\system32\drivers\STVqx3.sys

2010/11/17 16:03:04.0444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/17 16:03:04.0634 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/17 16:03:05.0044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/17 16:03:05.0365 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/17 16:03:05.0595 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/17 16:03:05.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/17 16:03:05.0946 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/17 16:03:06.0146 tifmsony (1a406b0a846fe7250e16e05813aef849) C:\WINDOWS\system32\drivers\tifmsony.sys

2010/11/17 16:03:06.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/17 16:03:06.0567 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/17 16:03:06.0887 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/17 16:03:07.0077 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/17 16:03:07.0177 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/17 16:03:07.0358 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/17 16:03:07.0568 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/11/17 16:03:07.0668 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/17 16:03:07.0909 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/17 16:03:08.0089 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/17 16:03:08.0199 Suspicious service (NoAccess): vbmaf096

2010/11/17 16:03:08.0349 vbmaf096 - detected Locked service (1)

2010/11/17 16:03:08.0429 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/17 16:03:08.0660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/17 16:03:08.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/17 16:03:09.0130 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/17 16:03:09.0441 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/17 16:03:09.0561 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/17 16:03:09.0761 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/17 16:03:09.0961 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/17 16:03:10.0452 ================================================================================

2010/11/17 16:03:10.0452 Scan finished

2010/11/17 16:03:10.0452 ================================================================================

2010/11/17 16:03:10.0482 Detected object count: 1

2010/11/17 16:03:45.0843 HKLM\SYSTEM\ControlSet003\services\vbmaf096 - will be deleted after reboot

2010/11/17 16:03:45.0873 C:\WINDOWS\system32\drivers\vbmaf096.sys - will be deleted after reboot

2010/11/17 16:03:45.0873 Locked service(vbmaf096) - User select action: Delete

[LDTate]

It's not killing it.

Try OTL again

[steve jones]

OTL reports were too long to copy/paste so attched below

OTL.Txt

Extras.Txt

[LDTate]

OTL logfile created on: 18/11/2010 15:55:59 - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = D:\hijack this

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 29.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 10.09 Gb Free Space | 27.08% Space Free | Partition Type: NTFS

Drive D: | 487.89 Mb Total Space | 480.91 Mb Free Space | 98.57% Space Free | Partition Type: FAT32

Computer Name: WILL-88D4C38501 | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (All) ==========

PRC - D:\hijack this\winlogon.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()

PRC - C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()

PRC - C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\smss.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)

========== Modules (All) ==========

MOD - D:\hijack this\winlogon.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\advapi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\secur32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\setupapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\winspool.drv (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wldap32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\userenv.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\user32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\version.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\srclient.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\shlwapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\samlib.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\psapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ntmarta.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\olepro32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\comres.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\comdlg32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (All) ==========

========== Driver Services (All) ==========

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\URLSearchHook: {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTran.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-113007714-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 06:52:44 | 000,000,000 | ---D | M]

[2010/02/11 13:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2010/02/11 13:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/10/25 19:22:10 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (TranslatorBar 3.2 Toolbar) - {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTran.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (TranslatorBar 3.2 Toolbar) - {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTran.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\..\Toolbar\WebBrowser: (TranslatorBar 3.2 Toolbar) - {C55F5517-246E-4426-B745-EE25B08EB8B4} - C:\Program Files\TranslatorBar_3.2\tbTran.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()

O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()

O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1606980848-113007714-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plu...ller.cab?v=1049 (Reg Error: Key error.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found

O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()

O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () -

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/22 09:06:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{224658a0-4b53-11dc-87f2-000e9b5869cb}\Shell\AutoRun\command - "" = G:\GizmoSecure\Windows\GizmoSecure30.exe -- File not found

O33 - MountPoints2\{3fa24260-b965-11de-a3db-000e9b5869cb}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found

O33 - MountPoints2\{c86550b0-1641-11de-91d7-000e9b5869cb}\Shell\AutoRun\command - "" = F:\Everymanracing.exe -- File not found

O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell - "" = AutoRun

O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 19:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[LDTate]

========== Files/Folders - Created Within (All) ==========

[2010/11/16 06:47:53 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/11/11 04:08:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/11 04:08:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/11 04:08:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/11 04:08:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/11 03:50:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/11 03:47:47 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/11/07 08:34:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/05 07:00:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/10/19 19:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Lexmark Productivity Studio

[2010/10/16 14:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Conduit

[2010/10/16 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/10/16 14:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\TranslatorBar_3.2

[2010/10/16 14:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ConduitEngine

[2010/10/16 14:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/16 14:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\TranslatorBar_3.2

[2010/10/16 14:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp

[2010/09/05 11:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\6500 Series

[2010/09/05 11:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Lx_cats

[2010/09/05 11:30:55 | 000,000,000 | ---D | C] -- C:\logs

[2010/09/05 11:26:43 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL

[2010/09/05 11:26:43 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL

[2010/09/05 11:26:43 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL

[2010/09/05 11:26:43 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL

[2010/09/05 11:26:43 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL

[2010/09/05 11:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6500 Series

[2010/09/05 11:24:34 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll

[2010/09/05 11:24:33 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll

[2010/09/05 11:24:33 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll

[2010/09/05 11:24:33 | 000,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfutil.dll

[2010/09/05 11:24:33 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll

[2010/09/05 11:24:33 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll

[2010/09/05 11:24:33 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll

[2010/09/05 11:24:32 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll

[2010/09/05 11:24:32 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll

[2010/09/05 11:24:32 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfih.exe

[2010/09/05 11:24:32 | 000,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfinsb.dll

[2010/09/05 11:24:32 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfins.dll

[2010/09/05 11:24:32 | 000,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfjswr.dll

[2010/09/05 11:24:32 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfinsr.dll

[2010/09/05 11:24:31 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdfgf.dll

[2010/09/05 11:24:31 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll

[2010/09/05 11:24:31 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfcub.dll

[2010/09/05 11:24:31 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfcu.dll

[2010/09/05 11:24:31 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdfcur.dll

[2010/09/05 11:24:30 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll

[2010/09/05 11:24:30 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcoms.exe

[2010/09/05 11:24:30 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll

[2010/09/05 11:24:29 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcfg.exe

[2010/09/05 11:24:29 | 000,077,906 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxdfcfg.dll

[2010/09/05 11:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 6500 Series

[2010/09/05 11:22:29 | 000,000,000 | ---D | C] -- C:\lexmark

[2010/07/18 17:40:39 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/07/04 06:59:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2010/05/16 08:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media

[2010/04/26 07:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/04/26 07:30:03 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBAIA.DLL

[2010/04/26 07:30:03 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BAIA.DLL

[2010/04/26 07:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON

[2010/04/08 09:46:43 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/04/08 09:35:05 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/04/08 09:34:54 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/04/08 09:34:51 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/04/08 09:34:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010/04/08 09:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/02/12 13:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sony Online Entertainment

[2010/02/11 13:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla

[

[LDTate]

========== Files Created - No Company Name ==========

[2010/11/17 15:01:06 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\user\Desktop\fixme.reg

[2010/11/11 04:08:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/11 04:08:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/11 04:08:59 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/11 04:08:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/11 04:08:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/09/05 11:37:59 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\All Users\lxdf

[2010/09/05 11:29:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll

[2010/09/05 11:29:29 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll

[2010/09/05 11:27:55 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll

[2010/09/05 11:27:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll

[2010/09/05 11:27:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll

[2010/09/05 11:27:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL

[2010/09/05 11:27:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL

[2010/09/05 11:26:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll

[2010/09/05 11:26:11 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Productivity Studio - 6500 Series.LNK

[2010/09/05 11:24:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll

[2010/09/05 11:24:31 | 001,450,859 | ---- | C] () -- C:\WINDOWS\System32\LXDFhelp.chm

[2010/09/05 11:24:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll

[2010/09/05 11:24:29 | 000,074,658 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf

[2010/09/05 11:24:29 | 000,002,003 | ---- | C] () -- C:\WINDOWS\System32\lxdf.loc

[2010/08/09 15:39:50 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Stardoll FC list.doc

[2010/08/09 15:26:09 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\FC Gurls.doc

[2010/08/06 10:17:50 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Did Anyone Ever Tell You Mrs Murphy.doc

[2010/06/05 09:41:55 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\user\My Documents\cANC OF sWINTON INSURANCE ERROR.doc

[2010/05/16 20:23:46 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\user\My Documents\mums.doc

[2010/04/20 15:08:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\jagex__preferences3.dat

[2010/04/08 09:34:50 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/04/08 09:34:37 | 066,493,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/03/10 16:50:03 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\user\My Documents\board game pics.doc

[2010/02/23 20:24:14 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\My Documents\~$EP BY STEP.doc

[2010/02/16 22:25:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\user\My Documents\STEP BY STEP.doc

[2010/02/14 18:24:38 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Mini hesfes.xls

[2010/01/29 19:58:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Dear First News.doc

[2010/01/02 09:35:41 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Synergi nails!!!!!!!!!!!!.doc

[2010/01/02 09:24:39 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Synergi OFFER!!!!!!.doc

[2010/01/02 09:12:37 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Synergi PRICES!!!!!!!!!!.doc

[2009/12/24 07:33:15 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\user\My Documents\CLAY PIDGEON SHOOTING.doc

[2009/12/22 00:08:04 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Is it that time of year already.doc

[2009/12/15 17:51:15 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\MoBiLe AdVeRt!.doc

[2009/12/15 10:21:49 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\user\My Documents\bitw 2010-poster.doc

[2009/10/25 09:18:43 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WEDDING FAYRE 33333333.doc

[2009/10/25 09:13:32 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WEDDING FAYRE 222222222222.doc

[2009/10/25 09:04:17 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WEDDING FAYRE 11111111111111111111111.doc

[2009/10/24 10:23:43 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/08 18:02:06 | 000,316,845 | ---- | C] () -- C:\Documents and Settings\user\My Documents\saga doc.pdf

[2009/10/03 18:27:26 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to DSC00013.lnk

[2009/10/03 18:27:05 | 001,469,717 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\DSC00013.JPG

[2009/09/01 10:00:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Sky complaint sent 1.9.09.doc

[2009/08/28 18:53:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\user\My Documents\This I Love.doc

[2009/08/26 19:49:16 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\WEB16414 woolacombe bay reference code.doc

[2009/08/24 08:35:31 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Angela Brooks 100 hrs REPORT vn2.doc

[2009/08/22 19:28:15 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Angela Brooks 100 hrs REPORT.doc

[2009/08/20 08:32:40 | 000,919,425 | ---- | C] () -- C:\Documents and Settings\user\My Documents\motorola L2 or L6 userguide.pdf

[2009/08/18 19:51:55 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090818-205155.backup

[2009/08/10 09:29:27 | 001,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009/07/26 18:46:35 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\SUPERVISION CONTRACT.doc

[2009/07/22 20:11:14 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\user\My Documents\anonymous 100 hrs REPORT.doc

[2009/07/22 17:20:59 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Angela Brooks 50 hrs REPORT vn2.doc

[2009/07/19 07:23:24 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Halifax - Welcome to Online.url

[2009/07/09 16:45:11 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DONS ONLY.url

[2009/07/09 16:16:09 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DONS INTERNET BANKING.lnk

[2009/07/09 16:16:02 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\user\My Documents\DON PASSWORD.doc

[2009/06/14 18:26:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\user\My Documents\SUPERVISEE REPORT.doc

[2009/06/14 18:20:19 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\user\My Documents\D.I.A.S Invoice May June09.doc

[2009/06/14 09:57:25 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\user\My Documents\FREE PEDICURESPECIALISING BRIDAL PACKAGES.doc

[2009/06/10 20:14:44 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Dear Hollie.doc

[2009/06/09 15:23:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\My Documents\~$Y ONE TREATMENT GET BUY ONE TREATMENT GET BUY ONE TREATMENT GET.doc

[2009/06/05 17:05:29 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\user\My Documents\BUY ONE TREATMENT GET BUY ONE TREATMENT GET BUY ONE TREATMENT GET.doc

[2009/06/03 19:23:44 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Marie Wilcock 100 hrs REPORT.doc

[2009/06/03 18:49:07 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Joanne Mcavoy 50 hrs REPORT.doc

[2009/06/02 15:01:14 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\user\My Documents\!!!!!!!!!!!GYM LETTER!!!!!!!!!!!!!.doc

[2009/05/17 19:24:33 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\user\My Documents\D.I.A.S Invoice April May09.doc

[2009/05/14 21:52:28 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Angela Brooks 50 hrs REPORT.doc

[2009/05/11 11:40:50 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\My Documents\intro letter for may 09 cv.doc

[2009/05/09 18:04:50 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\user\My Documents\KAREN CV for Bolton college May 09.doc

[2009/05/09 17:55:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\user\My Documents\KAREN CV for salford college.doc

[2009/05/09 17:55:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\KAREN CV for supervising.doc

[2009/05/09 17:55:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\KAREN CV for bolton college.doc

[2009/05/09 17:55:42 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Karen intro to Westhawtn High.doc

[2009/05/09 17:55:42 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Karen intro to Bolton Comm Coll.doc

[2009/05/09 17:55:42 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\user\My Documents\KAREN CV.doc

[2009/05/07 08:33:10 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\user\My Documents\St Michaels ADS vn3.xls

[2009/05/07 08:32:40 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\user\My Documents\pLAYSHAK register.xls

[2009/04/22 06:53:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\My Documents\~$n bump claim.doc

[2009/04/21 16:44:27 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\van bump claim.doc

[2009/04/18 20:23:14 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\user\My Documents\D.I.A.S Invoice MarApril09.doc

[2009/04/18 20:20:08 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\user\My Documents\D.I.A.S Invoice.doc

[2009/04/15 06:52:04 | 001,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009/03/31 23:58:48 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/03/11 18:47:26 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Queens hall accounts.xls

[2009/02/22 21:25:17 | 000,001,249 | ---- | C] () -- C:\Documents and Settings\user\My Documents\clover first pivot animation!.piv

[2009/01/21 22:15:48 | 000,498,240 | ---- | C] () -- C:\MoonShell_SCSD_SuperCard (SD Card).nds

[2009/01/21 22:15:48 | 000,498,240 | ---- | C] () -- C:\MoonShell_SCSD_MOON_SuperCard (SD Card).nds

[2009/01/21 22:15:48 | 000,498,240 | ---- | C] () -- C:\MoonShell_SCLT_SuperCard Lite(TransFlash MicroSD).nds

[2009/01/21 22:15:48 | 000,498,240 | ---- | C] () -- C:\MoonShell_SCCF_SuperCard (Compact Flash).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_SCDS_SuperCard DS (Slot-1).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_R4TF_M3Simply-R4DS (MicroSD Card).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_NSD2_Neo2 (SD Card).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_NRIO_N-CARD_NAND FLASH CARD LIBFATNRIO.nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_NMMC_Neoflash MK2 & MK3.nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_NJSD_Ninja DS (SD Card).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\MoonShell_MPSD_GBA Movie Player (SD Card).nds

[2009/01/21 22:15:48 | 000,497,728 | ---- | C] () -- C:\_BOOT_MP.NDS

[2009/01/21 22:15:47 | 000,498,240 | ---- | C] () -- C:\MoonShell_M3SD_M3 Adapter (SD Card).nds

[2009/01/21 22:15:47 | 000,498,240 | ---- | C] () -- C:\MoonShell_M3SD_ALT_M3 Adapter (SD Card).nds

[2009/01/21 22:15:47 | 000,498,240 | ---- | C] () -- C:\MoonShell_M3CF_MOON_M3 Adapter (Compact Flash).nds

[2009/01/21 22:15:47 | 000,498,240 | ---- | C] () -- C:\MoonShell_G6FL_G6 Lite DLDI V0.19.nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_MMCF_MOON_Max Media Dock (Compact Flash).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_MMCF_Max Media Dock (Compact Flash).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_MK5N_NEO Flash MK5 (NAND Flash).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_GMTF2_Datel Games 'n' Music (microSD).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_GMTF_Datel Games 'n' Music (microSD).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_EZSD_EZ Flash 4 (SD Card).nds.bin

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_EZ5S_MOON_EZ Flash 5 (SD Card).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_EZ5S_EZ Flash 5 (SD Card).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_EWSD_MOON_Ewin2 (SD Card).nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_DSX_DS-Xtreme.nds

[2009/01/21 22:15:47 | 000,497,728 | ---- | C] () -- C:\MoonShell_DLMS_MOON_DSLink (microSD Card).nds

[2009/01/21 22:15:46 | 000,497,728 | ---- | C] () -- C:\MoonShell_DLMS3_DSLink (microSD Card).nds

[2009/01/21 22:15:46 | 000,497,728 | ---- | C] () -- C:\MoonShell_AUTOPATCH_Default (No interface).nds

[2009/01/21 22:15:46 | 000,497,728 | ---- | C] () -- C:\MoonShell_ACEK_AceKard+.nds

[2009/01/05 19:45:15 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\user\My Documents\rECEIPT FOR Simon Forster Jan09.doc

========== LOP Check ==========

[2010/09/05 11:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6500 Series

[2010/04/08 09:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/04/26 07:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009/08/19 14:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/11/28 18:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2010/09/05 11:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\6500 Series

[2010/10/19 19:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lexmark Productivity Studio

[2010/08/10 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire

[2007/03/23 17:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller

[2007/03/01 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera

[2007/03/19 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Screenshot Sender

[2010/02/12 13:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony Online Entertainment

[2009/08/18 19:24:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

[steve jones]

I was just having a look through the expanded OTL log and I don't recognise the Conduit Engine?? It seems to be a toolbar 'helper' that doesn't get a good press on forums - perhaps the kids have clicked on it but it shouldn't be there! Don't know if that's relevant.

[LDTate]

OTL Fix

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTL
  O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (Reg Error: Key error.)
  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Reg Error: Key error.)
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Reg Error: Key error.)
  O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plu...ller.cab?v=1049 (Reg Error: Key error.)
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/xp_mail.cab (Reg Error: Key error.)
  O33 - MountPoints2\{224658a0-4b53-11dc-87f2-000e9b5869cb}\Shell\AutoRun\command - "" = G:\GizmoSecure\Windows\GizmoSecure30.exe -- File not found
  O33 - MountPoints2\{3fa24260-b965-11de-a3db-000e9b5869cb}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
  O33 - MountPoints2\{c86550b0-1641-11de-91d7-000e9b5869cb}\Shell\AutoRun\command - "" = F:\Everymanracing.exe -- File not found
  O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell - "" = AutoRun
  O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 19:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
  
  :Files
  C:\Program Files\ConduitEngine\ConduitEngine.dll
  C:\Program Files\ConduitEngine
  C:\Program Files\Conduit
  
  :Commands
  [EmptyFlash]
  [EmptyTemp]
  [RESETHOSTS] 
  [purity]
  [start explorer]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, it will reboot when it is done and produce a log
  

[steve jones]

Thanks LDTate! I'll try it but I don't think I have a copy/paste function on the infected machine...

[LDTate]

If you don't have a desktop, try this:

Please download this file and Save it to your Desktop.

Open Taskmanager (Alt/Ctrl/Del) > New Task(Run...) and copy/paste the following bolded text into the Create New Task box and click OK:

"%userprofile%\desktop\Inherit.exe" "c:\Windows\explorer.exe"

[steve jones]

Hi LDTate - just posting to apologise for not getting back sooner - I've been away for the weekend and will try to run the latest fixes this evening. Thanks again.

[LDTate]

OK.

[steve jones]

As an aside, the HDD external enclusure I mentioned in earlier posts is on order. If it arrives I was planning on trying to get a Combofix log done for you to review. Do you think I will be safe to plug the infected drive into the USB of my clean laptop?

[LDTate]

As an aside, the HDD external enclusure I mentioned in earlier posts is on order. If it arrives I was planning on trying to get a Combofix log done for you to review. Do you think I will be safe to plug the infected drive into the USB of my clean laptop?

I really don't know but I don't think you have much of a choice.

[steve jones]

OTL ran the fix succesfully, and it moved some files onto my memory stick. Sadly no change in laptop's situation as far as I can tell. OTL report below;

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.

Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}

C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.

Starting removal of ActiveX control {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}

C:\WINDOWS\Downloaded Program Files\Mnviewer.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}\ not found.

Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}

C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.

Starting removal of ActiveX control {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1}

C:\WINDOWS\Downloaded Program Files\cabfile.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1}\ not found.

Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}

C:\WINDOWS\Downloaded Program Files\SETUP.INF moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}

C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\WINDOWS\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}

C:\WINDOWS\Downloaded Program Files\download_xp.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{224658a0-4b53-11dc-87f2-000e9b5869cb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{224658a0-4b53-11dc-87f2-000e9b5869cb}\ not found.

File G:\GizmoSecure\Windows\GizmoSecure30.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fa24260-b965-11de-a3db-000e9b5869cb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fa24260-b965-11de-a3db-000e9b5869cb}\ not found.

File D:\setupSNK.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86550b0-1641-11de-91d7-000e9b5869cb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86550b0-1641-11de-91d7-000e9b5869cb}\ not found.

File F:\Everymanracing.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd9e5f0-d33d-11dd-905f-000e9b5869cb}\ not found.

C:\WINDOWS\system32\shell32.dll moved successfully.

========== FILES ==========

File\Folder C:\Program Files\ConduitEngine\ConduitEngine.dll not found.

C:\Program Files\ConduitEngine folder moved successfully.

C:\Program Files\Conduit\Community Alerts folder moved successfully.

C:\Program Files\Conduit folder moved successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user

->Flash cache emptied: 45876 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 1243268 bytes

->Temporary Internet Files folder emptied: 1154847 bytes

User: user

->Temp folder emptied: 637698522 bytes

->Temporary Internet Files folder emptied: 131631037 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2176856 bytes

%systemroot%\System32 .tmp files removed: 17512465 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 134 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13496916 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 293298 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 768.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.16.0 log created on 11222010_162604

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[LDTate]

Lets try TDSSKiller again

[rand-K]

LDTate and steve, my hat is off to you both. You both are showing such infinite patience.

I have read this entire thread, and even setup a forum acct so I could post and let you both know that you have been very helpful.

Steve is not alone. This "attack" is *exactly* the same (95% of the same symptoms) as what has happened to one of my desktop PCs (same OS as steve, sp, etc). This is a nasty one.

LDTate, you have convinced me to save a month of my time and flatten my PC.

At any rate, good luck! I know how it feels to have so much time invested, and I only wanted to cheer you both on. I will be watching this thread to it's conclusion. "Been there, done that" ...

Thanks for all your due diligence and good luck!

Rand

ps: I can think of very few people I despise more than the pond scum that author these malware attacks.

[steve jones]

Thanks for the encouragement Rand I've attached the latest TDSSKiller log below. My external caddy arrived so I put the infected drive in it and ran some scans from a good laptop - both MBAM and AVG came up clean. I don'tknow if Combofix can be run from my laptop and be 'aimed' at the infected external drive? Also I've noticed that the User folder containing important pics that I wanted to save is not accesible - can't remember the message but I wondered if that's something fixable? Last question - if I decided to format and reload XP on the infected drive, could I do this by running the Windows CD in my good laptop and loading the OS on the infected USB drive? I would then put the drive back in it's proper laptop, but would XP then have a problem because the hardware would have all changed?

2010/11/24 14:26:12.0616 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/24 14:26:12.0616 ================================================================================

2010/11/24 14:26:12.0616 SystemInfo:

2010/11/24 14:26:12.0616

2010/11/24 14:26:12.0616 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/24 14:26:12.0646 Product type: Workstation

2010/11/24 14:26:12.0646 ComputerName: WILL-88D4C38501

2010/11/24 14:26:12.0646 UserName: user

2010/11/24 14:26:12.0646 Windows directory: C:\WINDOWS

2010/11/24 14:26:12.0646 System windows directory: C:\WINDOWS

2010/11/24 14:26:12.0646 Processor architecture: Intel x86

2010/11/24 14:26:12.0646 Number of processors: 1

2010/11/24 14:26:12.0646 Page size: 0x1000

2010/11/24 14:26:12.0646 Boot type: Normal boot

2010/11/24 14:26:12.0646 ================================================================================

2010/11/24 14:26:13.0157 Initialize success

2010/11/24 14:26:18.0074 ================================================================================

2010/11/24 14:26:18.0074 Scan started

2010/11/24 14:26:18.0074 Mode: Manual;

2010/11/24 14:26:18.0074 ================================================================================

2010/11/24 14:26:20.0707 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2010/11/24 14:26:20.0908 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/24 14:26:21.0098 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/11/24 14:26:21.0378 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/24 14:26:21.0579 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/24 14:26:22.0049 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/11/24 14:26:22.0300 ALCXWDM (098a05b3dafb1244ada120b80758bda5) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/11/24 14:26:22.0540 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys

2010/11/24 14:26:22.0760 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/11/24 14:26:23.0141 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2010/11/24 14:26:23.0311 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/24 14:26:23.0772 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/11/24 14:26:24.0002 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/24 14:26:24.0162 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/24 14:26:24.0433 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/24 14:26:24.0653 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/24 14:26:24.0873 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/24 14:26:25.0204 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2010/11/24 14:26:25.0514 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys

2010/11/24 14:26:25.0755 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys

2010/11/24 14:26:26.0025 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys

2010/11/24 14:26:26.0215 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/24 14:26:26.0356 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2010/11/24 14:26:26.0556 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys

2010/11/24 14:26:26.0756 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2010/11/24 14:26:27.0097 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2010/11/24 14:26:27.0287 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2010/11/24 14:26:27.0387 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

2010/11/24 14:26:27.0657 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

2010/11/24 14:26:27.0888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/24 14:26:28.0088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/24 14:26:28.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/24 14:26:28.0509 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/24 14:26:28.0719 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/24 14:26:29.0009 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/11/24 14:26:29.0240 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/11/24 14:26:29.0630 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/24 14:26:29.0971 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/24 14:26:30.0161 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2010/11/24 14:26:30.0291 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/24 14:26:30.0491 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/24 14:26:30.0612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/24 14:26:30.0902 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/24 14:26:31.0192 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/24 14:26:31.0393 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/11/24 14:26:31.0663 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/24 14:26:31.0873 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/11/24 14:26:32.0194 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/24 14:26:32.0404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/24 14:26:32.0524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/24 14:26:32.0695 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/24 14:26:32.0975 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys

2010/11/24 14:26:33.0195 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/24 14:26:33.0436 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/24 14:26:33.0596 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/24 14:26:33.0666 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/24 14:26:33.0916 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/24 14:26:34.0217 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/24 14:26:34.0427 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/24 14:26:34.0657 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/24 14:26:34.0848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/24 14:26:35.0048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/24 14:26:35.0148 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/24 14:26:35.0338 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/24 14:26:35.0529 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/24 14:26:35.0709 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/24 14:26:35.0799 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/24 14:26:36.0069 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/24 14:26:36.0120 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/24 14:26:36.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/24 14:26:36.0460 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/24 14:26:36.0821 LEX_AS_NIC_SERVICE_YNOS (dd8bcb380aa2a8bca9fd613e3e2c23c0) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys

2010/11/24 14:26:37.0111 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/11/24 14:26:37.0361 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/24 14:26:37.0471 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/24 14:26:37.0642 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/24 14:26:37.0732 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/24 14:26:37.0972 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/24 14:26:38.0223 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/24 14:26:38.0443 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/24 14:26:38.0673 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2010/11/24 14:26:38.0753 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/24 14:26:38.0994 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/24 14:26:39.0054 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/24 14:26:39.0224 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/24 14:26:39.0324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/24 14:26:39.0524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/24 14:26:39.0605 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/24 14:26:39.0835 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/24 14:26:40.0055 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/24 14:26:40.0145 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

2010/11/24 14:26:40.0356 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/24 14:26:40.0406 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/24 14:26:40.0476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/24 14:26:40.0676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/24 14:26:40.0736 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/24 14:26:40.0987 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/24 14:26:41.0057 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/24 14:26:41.0297 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/24 14:26:41.0497 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/24 14:26:41.0597 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/24 14:26:41.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/24 14:26:41.0938 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/24 14:26:42.0238 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/24 14:26:42.0429 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/11/24 14:26:42.0629 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/11/24 14:26:42.0779 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/11/24 14:26:43.0220 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2010/11/24 14:26:43.0450 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/24 14:26:43.0650 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/24 14:26:43.0720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/24 14:26:43.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/24 14:26:44.0031 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/24 14:26:44.0341 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/11/24 14:26:45.0002 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/24 14:26:45.0223 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/24 14:26:45.0323 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/24 14:26:45.0713 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/24 14:26:45.0824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/24 14:26:46.0024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/24 14:26:46.0214 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/24 14:26:46.0324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/24 14:26:46.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/24 14:26:46.0645 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/24 14:26:46.0835 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/24 14:26:47.0035 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/24 14:26:47.0246 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2010/11/24 14:26:47.0356 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/11/24 14:26:47.0606 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys

2010/11/24 14:26:47.0816 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys

2010/11/24 14:26:47.0937 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys

2010/11/24 14:26:48.0157 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/24 14:26:48.0347 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/11/24 14:26:48.0457 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/24 14:26:48.0708 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/24 14:26:48.0948 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys

2010/11/24 14:26:49.0178 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/24 14:26:49.0389 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/24 14:26:49.0619 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/24 14:26:49.0889 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/24 14:26:50.0130 STVqx3 (65ba7d9daca76f67bb5a62f3570c5fe5) C:\WINDOWS\system32\drivers\STVqx3.sys

2010/11/24 14:26:50.0330 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/24 14:26:50.0510 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/24 14:26:50.0921 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/24 14:26:51.0161 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/24 14:26:51.0382 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/24 14:26:51.0532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/24 14:26:51.0622 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/24 14:26:51.0822 tifmsony (1a406b0a846fe7250e16e05813aef849) C:\WINDOWS\system32\drivers\tifmsony.sys

2010/11/24 14:26:51.0992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/24 14:26:52.0323 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/24 14:26:52.0563 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/24 14:26:52.0763 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/24 14:26:52.0874 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/24 14:26:53.0074 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/24 14:26:53.0264 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/11/24 14:26:53.0364 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/24 14:26:53.0555 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/24 14:26:53.0725 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/24 14:26:53.0835 Suspicious service (NoAccess): vbmaf096

2010/11/24 14:26:53.0995 vbmaf096 - detected Locked service (1)

2010/11/24 14:26:54.0085 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/24 14:26:54.0326 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/24 14:26:54.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/24 14:26:54.0786 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/24 14:26:55.0127 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/11/24 14:26:55.0247 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/24 14:26:55.0437 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/24 14:26:55.0638 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/24 14:26:56.0168 ================================================================================

2010/11/24 14:26:56.0168 Scan finished

2010/11/24 14:26:56.0168 ================================================================================

2010/11/24 14:26:56.0208 Detected object count: 1

2010/11/24 14:27:13.0623 HKLM\SYSTEM\ControlSet003\services\vbmaf096 - will be deleted after reboot

2010/11/24 14:27:13.0633 C:\WINDOWS\system32\drivers\vbmaf096.sys - will be deleted after reboot

2010/11/24 14:27:13.0633 Locked service(vbmaf096) - User select action: Delete

[steve jones]

Just finished an online Eset scan and that came up clean also? Confusing...

[LDTate]

if I decided to format and reload XP on the infected drive, could I do this by running the Windows CD in my good laptop and loading the OS on the infected USB drive?

You won't be able to load the OS on the usb drive. You'd need to put it back in the laptop as the boot drive.

TDSSKiller is still finding C:\WINDOWS\system32\drivers\vbmaf096.sys - will be deleted after reboot

Reboot if you haven't already and run the scan again

[steve jones]

To be honest I must have run TDSS and rebooted at least 6 times? I was thinking if I downloaded Combofix onto my good laptop, renamed it, and copied it to the Desktop folder of the infected drive, assumedly I could then run Combofix on the infected HDD? The infected OS won't be running but does this matter? Should I try this?