Error 'http 404' when trying to download HIJACKTHIS from your website

hello ! first, let me start off by saying you guys are Awesome! I spent several hours on my husbands laptop after he encountered the 'security master av' issue.. I happened to stumble across your website and downloaded a malwarebytes program that has seemed to have fixed everything!.. that being said - our home computer is decently old but has always worked fine, up until about 2 weeks ago.. it started slowing down. Now its to the point where it takes 3 minutes just to bring up the task manager.. today I couldnt open Spybot to run it and when I was searching online it kept redirecting me to other search engines. I seen a post by dr. inferno to download and paste a Hijackthis log but when i click on the link, im getting a page not found error.. when i googled it.. it started spinning me off into these search engines so i dont feel comfortable downloading it from anywhere else. can you help ?

thanks

Hi and welcome to GP! (only I wish your circumstances were better )

Looks like you have severe malware problems, please read this and after that post here.

OTL logfile created on: 7/10/2010 8:50:39 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 38.00% Memory free
852.00 Mb Paging File | 443.00 Mb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 26.42 Gb Free Space | 70.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-D4167E3C9C
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 20:26:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/01 14:22:53 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/21 10:03:02 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/16 13:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/06/23 22:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/23 22:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 08:38:12 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 20:26:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/07/26 09:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/04/13 16:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/02/25 08:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 08:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 07:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 07:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 07:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/02 15:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/07/08 22:10:32 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 84.16.244.15 www.google.com
O1 - Hosts: 84.16.244.15 us.search.yahoo.com
O1 - Hosts: 84.16.244.15 uk.search.yahoo.com
O1 - Hosts: 84.16.244.15 search.yahoo.com
O1 - Hosts: 84.16.244.15 www.google.com.br
O1 - Hosts: 84.16.244.15 www.google.it
O1 - Hosts: 84.16.244.15 www.google.es
O1 - Hosts: 84.16.244.15 www.google.co.jp
O1 - Hosts: 84.16.244.15 www.google.com.mx
O1 - Hosts: 84.16.244.15 www.google.ca
O1 - Hosts: 84.16.244.15 www.google.com.au
O1 - Hosts: 84.16.244.15 www.google.nl
O1 - Hosts: 84.16.244.15 www.google.co.za
O1 - Hosts: 84.16.244.15 www.google.be
O1 - Hosts: 84.16.244.15 www.google.gr
O1 - Hosts: 84.16.244.15 www.google.at
O1 - Hosts: 84.16.244.15 www.google.se
O1 - Hosts: 84.16.244.15 www.google.ch
O1 - Hosts: 84.16.244.15 www.google.pt
O1 - Hosts: 84.16.244.15 www.google.dk
O1 - Hosts: 84.16.244.15 www.google.fi
O1 - Hosts: 84.16.244.15 www.google.ie
O1 - Hosts: 84.16.244.15 www.google.no
O1 - Hosts: 84.16.244.15 www.google.de
O1 - Hosts: 84.16.244.15 www.google.fr
O1 - Hosts: 2 more lines...
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/13 14:45:15 | 000,000,687 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2007/01/17 12:38:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b11acfd-0432-11dd-8f1a-000874f06cc8}\Shell - "" = AutoRun
O33 - MountPoints2\{2b11acfd-0432-11dd-8f1a-000874f06cc8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b11acfd-0432-11dd-8f1a-000874f06cc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70945304882446336)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 20:27:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/10 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/07/10 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/10 19:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/10 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/10 19:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/10 19:04:58 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/10 19:04:57 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/10 19:04:57 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/10 19:04:57 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/10 19:04:57 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/10 18:56:07 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\Administrator\Desktop\Java upload.exe
[2010/07/07 21:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/07 21:19:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/07 21:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/07 21:19:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/07 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 20:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/07 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/07 19:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/07 19:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/06 11:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cgnpfaxgg
[2009/11/29 14:08:48 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2009/11/29 14:08:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2009/11/29 14:08:48 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2009/11/29 14:08:47 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2009/11/29 14:08:47 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2009/11/29 14:08:46 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2009/11/29 14:08:46 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2009/11/29 14:08:45 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2009/11/29 14:08:44 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2009/11/29 14:08:41 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2009/11/29 14:08:41 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/10 20:26:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/10 20:09:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/10 20:01:24 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/07/10 19:33:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 19:29:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 19:29:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 19:28:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/10 19:28:31 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/10 19:03:58 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/10 19:03:58 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/10 19:03:58 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/10 19:03:58 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/10 19:03:57 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/10 18:56:07 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\Administrator\Desktop\Java upload.exe
[2010/07/08 21:44:53 | 000,037,091 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\257a6116-0f64-485c-8aea-b3d845db4f19_43.avi
[2010/07/07 21:20:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 22:21:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/24 07:41:41 | 000,502,364 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MatSuLakes.pdf
[2010/06/24 03:05:39 | 000,488,742 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 03:05:39 | 000,432,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 03:05:39 | 000,067,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/16 19:36:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/11 03:41:05 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:24:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 20:09:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/10 20:01:24 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/07/08 21:39:12 | 000,037,091 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\257a6116-0f64-485c-8aea-b3d845db4f19_43.avi
[2010/07/07 21:20:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/24 07:41:40 | 000,502,364 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MatSuLakes.pdf
[2009/11/29 14:12:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2009/11/29 14:12:20 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2009/11/29 14:10:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/11/29 14:10:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/11/29 14:10:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2009/11/29 14:09:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2009/11/29 14:08:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2009/11/29 14:08:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/11/29 14:08:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/11/29 14:08:45 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/11/29 14:08:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/11/29 14:08:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/11/29 14:08:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2009/11/29 14:08:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/11/29 14:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/11/29 14:08:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/11/29 14:08:40 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2009/11/01 14:23:35 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/03 23:30:55 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/22 22:10:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/21 17:29:30 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/11/21 17:29:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/11/21 17:29:30 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/11/21 17:29:29 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/01/17 13:37:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2007/01/17 03:23:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/17 03:23:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/17 03:23:39 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 10:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/01 21:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 15:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/10/14 20:02:44 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.bak
[2009/10/14 20:02:44 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2009/11/27 14:52:33 | 000,000,425 | ---- | M] () -- C:\albumImagesTable.bak
[2009/11/27 14:52:33 | 000,007,680 | ---- | M] () -- C:\albumImagesTable.cdx
[2009/11/27 14:52:33 | 000,000,425 | ---- | M] () -- C:\albumImagesTable.dbf
[2009/11/27 14:52:33 | 000,000,585 | ---- | M] () -- C:\albumTable.bak
[2009/11/27 14:52:33 | 000,004,608 | ---- | M] () -- C:\albumTable.cdx
[2009/11/27 14:52:33 | 000,000,585 | ---- | M] () -- C:\albumTable.dbf
[2007/04/13 14:45:15 | 000,000,687 | ---- | M] () -- C:\autoAlbum.log
[2007/01/17 12:38:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/25 18:43:04 | 000,000,320 | -HS- | M] () -- C:\boot.ini
[2009/11/27 14:52:32 | 000,000,000 | ---- | M] () -- C:\CB_Server_Errors.txt
[2007/01/17 12:38:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/12/11 10:35:41 | 000,006,077 | ---- | M] () -- C:\Cucu_Video_log.txt
[2007/09/26 13:51:52 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2009/11/27 14:52:33 | 000,000,489 | ---- | M] () -- C:\EXIFTable.bak
[2009/11/27 14:52:33 | 000,003,072 | ---- | M] () -- C:\EXIFTable.cdx
[2009/11/27 14:52:33 | 000,000,489 | ---- | M] () -- C:\EXIFTable.dbf
[2009/11/27 14:49:00 | 000,000,178 | ---- | M] () -- C:\handle.dat
[2009/11/27 14:52:33 | 000,000,937 | ---- | M] () -- C:\imageTable.bak
[2009/11/27 14:52:33 | 000,009,216 | ---- | M] () -- C:\imageTable.cdx
[2009/11/27 14:52:33 | 000,000,937 | ---- | M] () -- C:\imageTable.dbf
[2009/11/27 14:52:33 | 000,000,512 | ---- | M] () -- C:\imageTable.fpk
[2009/11/27 14:52:33 | 000,000,512 | ---- | M] () -- C:\imageTable.fpt
[2007/01/17 12:38:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/10 19:32:32 | 000,001,730 | ---- | M] () -- C:\JavaRa.log
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\keywordImagesTable.bak
[2009/11/27 14:52:33 | 000,006,144 | ---- | M] () -- C:\keywordImagesTable.cdx
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\keywordImagesTable.dbf
[2009/11/27 14:52:33 | 000,000,457 | ---- | M] () -- C:\keywordTable.bak
[2009/11/27 14:52:33 | 000,004,608 | ---- | M] () -- C:\keywordTable.cdx
[2009/11/27 14:52:33 | 000,000,457 | ---- | M] () -- C:\keywordTable.dbf
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\managedFolderTable.bak
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\managedFolderTable.dbf
[2007/01/17 12:38:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/21 10:35:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 20:28:06 | 641,241,088 | -HS- | M] () -- C:\pagefile.sys
[2009/11/27 14:52:33 | 000,000,425 | ---- | M] () -- C:\pathnameTable.bak
[2009/11/27 14:52:33 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2009/11/27 14:52:33 | 000,000,425 | ---- | M] () -- C:\pathnameTable.dbf
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\ROFImagesTable.bak
[2009/11/27 14:52:33 | 000,006,144 | ---- | M] () -- C:\ROFImagesTable.cdx
[2009/11/27 14:52:33 | 000,000,361 | ---- | M] () -- C:\ROFImagesTable.dbf
[2009/11/27 14:52:33 | 000,000,393 | ---- | M] () -- C:\ROFTable.bak
[2009/11/27 14:52:33 | 000,003,072 | ---- | M] () -- C:\ROFTable.cdx
[2009/11/27 14:52:33 | 000,000,393 | ---- | M] () -- C:\ROFTable.dbf
[2007/03/27 22:01:45 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >
[2010/07/10 20:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/01/17 13:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/01/12 12:39:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/30 20:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2009/01/12 12:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/10 19:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/01/17 12:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/11/21 17:29:25 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2009/11/29 14:16:07 | 000,000,000 | ---D | M] -- C:\Program Files\Dell V305
[2007/11/09 11:09:35 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/01/03 23:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/04/02 06:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/11/01 14:22:47 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/01/17 13:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/11 03:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/10 19:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2009/11/01 14:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/07/07 21:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/22 04:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\Messengerdo not use
[2008/02/07 18:03:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/01/17 12:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/06 19:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/01/22 22:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/12/12 08:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola Phone Tools
[2010/03/10 19:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/22 03:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/06 19:34:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/15 17:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/01/17 12:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/03/28 04:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/10/18 03:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/02/21 10:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/10 19:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/01/17 12:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 03:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/12 12:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/08/22 03:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/01 21:05:04 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/01/03 22:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/01/17 12:46:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/21 10:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

When i click on the send button.. i keep getting an error msg "internet explorer cannot display web page" i will restart my computer and see if i can get the rest copied and pasted.. thanks

it still wont let me copy and paste even one line of text fom the log anymore.. im not sure what to do.. these posts are going thru fine..

Hi jburton And Welcome to GeekPolice!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please read the following through carefully so that you understand what to do.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
  
  
  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  
  
  
• If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  
• It may ask you to reboot the computer to complete the process. Allow it to do so.
  
• When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
  

19:34:59:468 2784 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:34:59:468 2784 ================================================================================
19:34:59:468 2784 SystemInfo:

19:34:59:468 2784 OS Version: 5.1.2600 ServicePack: 3.0
19:34:59:468 2784 Product type: Workstation
19:34:59:468 2784 ComputerName: USER-D4167E3C9C
19:34:59:500 2784 UserName: Administrator
19:34:59:500 2784 Windows directory: C:\WINDOWS
19:34:59:500 2784 System windows directory: C:\WINDOWS
19:34:59:500 2784 Processor architecture: Intel x86
19:34:59:500 2784 Number of processors: 1
19:34:59:500 2784 Page size: 0x1000
19:34:59:609 2784 Boot type: Normal boot
19:34:59:609 2784 ================================================================================
19:35:01:984 2784 Initialize success
19:35:01:984 2784
19:35:02:000 2784 Scanning Services ...
19:35:04:859 2784 Raw services enum returned 342 services
19:35:04:890 2784
19:35:04:890 2784 Scanning Drivers ...
19:35:12:343 2784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:35:12:750 2784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:35:13:406 2784 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
19:35:13:921 2784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:35:14:406 2784 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:35:17:421 2784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:35:17:953 2784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:35:18:734 2784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:35:19:125 2784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:35:19:609 2784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:35:19:953 2784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:35:20:359 2784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:35:21:156 2784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:35:21:515 2784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:35:21:859 2784 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:35:22:265 2784 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
19:35:23:812 2784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:35:24:562 2784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:35:25:171 2784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:35:25:640 2784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:35:26:156 2784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:35:26:937 2784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:35:27:343 2784 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
19:35:27:703 2784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:35:28:187 2784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:35:28:671 2784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:35:29:078 2784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:35:29:531 2784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:35:30:093 2784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:35:30:578 2784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:35:31:531 2784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:35:31:906 2784 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:35:32:640 2784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:35:33:078 2784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:35:33:515 2784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:35:34:078 2784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:35:34:968 2784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:35:35:343 2784 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:35:35:875 2784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:35:36:671 2784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:35:37:046 2784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:35:37:296 2784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:35:37:703 2784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:35:38:062 2784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:35:38:296 2784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:35:38:531 2784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:35:38:812 2784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:35:39:062 2784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:35:39:421 2784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:35:39:937 2784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:35:40:312 2784 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
19:35:40:687 2784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:35:41:109 2784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:35:41:406 2784 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:35:41:531 2784 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:35:41:734 2784 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
19:35:41:890 2784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:35:42:031 2784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:35:42:125 2784 motccgp (a10fa04b73a9d97e5cf77eb1d5a88165) C:\WINDOWS\system32\DRIVERS\motccgp.sys
19:35:42:250 2784 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
19:35:42:359 2784 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
19:35:42:484 2784 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
19:35:42:609 2784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:35:42:703 2784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:35:42:921 2784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:35:43:078 2784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:35:43:265 2784 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:35:43:406 2784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:35:43:468 2784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:35:43:609 2784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:35:43:703 2784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:35:43:812 2784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:35:43:906 2784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:35:44:031 2784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:35:44:156 2784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:35:44:359 2784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:35:44:515 2784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:35:44:640 2784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:35:44:750 2784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:35:44:812 2784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:35:44:875 2784 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:35:44:921 2784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:35:44:984 2784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:35:45:062 2784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:35:45:156 2784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:35:45:265 2784 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:35:45:390 2784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:35:45:468 2784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:35:45:562 2784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:35:45:687 2784 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:35:45:796 2784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:35:46:015 2784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:35:46:625 2784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:35:47:140 2784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:35:47:843 2784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:35:48:218 2784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:35:49:500 2784 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\WINDOWS\system32\DRIVERS\lv302af.sys
19:35:51:562 2784 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
19:35:54:140 2784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:35:55:062 2784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:35:55:812 2784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:35:56:359 2784 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:35:58:593 2784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:35:58:937 2784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:35:59:421 2784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:35:59:890 2784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:36:00:375 2784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:36:00:828 2784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:36:01:343 2784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:36:01:703 2784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:36:02:234 2784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:02:765 2784 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:36:03:203 2784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:03:593 2784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:03:875 2784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:04:187 2784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:04:796 2784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:36:05:218 2784 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
19:36:06:125 2784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:36:06:421 2784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:06:781 2784 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:07:218 2784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:36:07:640 2784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:08:109 2784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:36:10:046 2784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:10:625 2784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:11:203 2784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:11:781 2784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:12:296 2784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:13:062 2784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:36:14:109 2784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:36:14:687 2784 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:36:15:171 2784 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:36:15:609 2784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:36:16:171 2784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:16:687 2784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:17:140 2784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:17:687 2784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:18:125 2784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:18:609 2784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:19:031 2784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:36:19:734 2784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:20:109 2784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:20:515 2784 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:36:21:500 2784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:21:921 2784 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:36:22:281 2784 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:36:22:671 2784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:36:23:281 2784 WudfPf (fe9d09403383a53a8b1eaba11504f0a1) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:23:296 2784 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: fe9d09403383a53a8b1eaba11504f0a1, Fake md5: eaa6324f51214d2f6718977ec9ce0def
19:36:23:296 2784 File "C:\WINDOWS\system32\DRIVERS\WudfPf.sys" infected by TDSS rootkit ... 19:36:30:421 2784 Backup copy found, using it..
19:36:30:562 2784 will be cured on next reboot
19:36:31:078 2784 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:31:828 2784 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
19:36:32:453 2784 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
19:36:32:484 2784 Reboot required for cure complete..
19:36:33:953 2784 Cure on reboot scheduled successfully
19:36:33:953 2784
19:36:33:953 2784 Completed
19:36:33:953 2784
19:36:33:953 2784 Results:
19:36:33:953 2784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:36:33:953 2784 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:36:33:953 2784
19:36:33:953 2784 KLMD(ARK) unloaded successfully

thank you for your help! both of you

Your PC had a rootkit that has replaced your ide driver file with malware. We are not out of the woods yet.....

1. Download ComboFix from below:
   
   Combofix download
   
   
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
   
   You can get help on disabling your protection programs here
   
   
3. Double click on combofix.exe & follow the prompts.
   
   
4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
   
   Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
   
   With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
   
   Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
   
   ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
   
   Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
   
   The Recovery Console was successfully installed.
   
   
   
   Click on Yes, to continue scanning for malware.
   
   
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
   
6. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
   
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------
   

ComboFix 10-07-13.02 - Administrator 07/13/2010 17:25:41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.74 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\cgnpfaxgg
c:\documents and settings\Administrator\Local Settings\Application Data\cgnpfaxgg\nwqaxictssd.exe
c:\documents and settings\Administrator\System
c:\documents and settings\Administrator\System\win_qs8.jqx
c:\windows\system32\AutoRun.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-11 03:56 . 2010-07-11 03:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-11 03:48 . 2010-07-11 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 03:04 . 2010-07-11 03:03 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 05:21 . 2010-07-08 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-08 05:19 . 2010-07-08 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-08 05:19 . 2010-07-14 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 04:30 . 2010-07-08 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-08 03:40 . 2010-07-08 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 01:46 . 2009-11-02 05:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-07-14 01:11 . 2009-11-02 05:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-07-13 03:40 . 2006-09-29 02:55 91904 ----a-w- c:\windows\system32\drivers\WudfPf.sys
2010-07-13 03:16 . 2009-04-14 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-11 04:08 . 2008-02-06 01:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 03:31 . 2010-04-02 12:37 -------- d-----w- c:\program files\Java
2010-07-11 03:07 . 2010-04-02 12:37 -------- d-----w- c:\program files\Common Files\Java
2010-06-11 03:48 . 2010-06-11 03:48 -------- d-----w- c:\program files\Common Files\Skype
2010-06-01 11:00 . 2010-06-01 11:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-21 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-14 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-11-1 66864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/12/2008 8:28 AM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/26/2007 1:52 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/12/2008 8:28 AM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 21:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Orb - c:\program files\Winamp Remote\uninstall.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-682003330-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,ce,29,cd,a0,4b,69,48,bf,29,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,ce,29,cd,a0,4b,69,48,bf,29,16,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5700)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Skype\Phone\Skype.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-07-13 18:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 02:00

Pre-Run: 28,733,894,656 bytes free
Post-Run: 29,011,132,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D439A95DB738E136DF896F6FB9195DA8

Nice Job! We are almost done here. How is your PC doing?

You have or had what has been identified as a flash drive infection.

Please download Flash_Disinfector from HERE

• First, download it to your desktop.
  
• Now double click it to run it and will tell it you what to do when you open it.
  
• It will temporarily kill explorer.exe and your desktop will go blank.
  
• Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  
• It will make a dummy autorun.inf in the root of every drive.
  
• You can now delete Flash_Disinfector.exe.
  

Next

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  
• Under Main choose: Select All
  
• Click the Empty Selected button.
  

Click Exit on the Main menu to close the program.


Next



Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

hey there - it was faster logging in today.. but i have been pretty nervous during the cleaning process so i havent used it for any other purposes in the last few days. i started the Flash disinfector around 2 hrs ago and i think its still running.. i still dont have any desktop icons... i did enable my Spybot again last nite after the combo fix, could that be causing any issues? or does it normally take this long ? i was hoping to get all 3 steps done tonight but its looking like it will have to wait till tomorrow. thanks for your patience ( and knowledge )

I'm having networking problems on my end. My response time is a bit slow...Have you restated your PC to bring up your desktop icons? You can use your PC at this point.


There are some older versions of Java on your computer. These can be a source of infection.

[
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  
• Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 20 -
  
• Click the Download button to the right.
  
• Select the Windows platform from the dropdown menu.
  
• Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u120 -windows-i586-p.exe to install the newest version.
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.
    
  
  

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_20 from Sun Microsystems Inc.

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
  
• The program will then begin downloading and installing and will also update the database.
  
• Please be patient as this can take several minutes.
  
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  
• Click View scan report at the bottom.
  
• Click the Save Report As... button.
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
  

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
  
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
  

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

ok.. my blonde must really be coming thru... i downloaded what i thought was the right java last week.. it says. (tm) 6 update 21 in my control panel.. looking at the website.. there isnt one that i can see that says JRE 6 _ 20.. they all start with JDK or something else.. i dont want to download the wrong one again..

the java test shows 1.6.0_21

Your fine with Java. Go ahead with Kaspersky Online Scanner please.

We'll run Malwarebytes after Kaspersky Online Scanner. There's something I want to look at with Kaspersky Online Scanner....

starting it now.. thanks

i'm attemtping to run it for the third time.. it has foze up on object 2035.. (about 25 minutes into scan).. it lets me click on the reports tab.. but does not display anything.

OK. Please run Malwarebytes as in post 16.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/16/2010 6:00:16 PM
mbam-log-2010-07-16 (18-00-16).txt

Scan type: Quick scan
Objects scanned: 128599
Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

the third time i ran Kaspersky. it froze at object 3707 (36 min) it was a microsoft Zune file.. if that makes any difference. thanks!

How are things now? We'll try ESET.....

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:
  
• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
  

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth Technology
  


• Now click on:
  
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  
• Now click on:
  
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.
  

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

ok. getting ready to start the ESET.. the webpages are popping up a little faster, but computer optins (control panel, task manager) are still really delayed..

Your Physical Memory is 256. For XP. You should have at least 512 of Physical Memory. That is the main factor of the performance. I do want to see the ESET scan.

eset log -
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\cgnpfaxgg\nwqaxictssd.exe.vir Win32/Adware.SpywareProtect2009 application

is the phyiscal memory issue because theres too much on the computer ?

after this gets cleaned up.. what do you recommend (either free or for a price) as the best protection for a home computer.. obivously what we were doing was not working

The search redirections should have stopped now. But your PC is slow at start up?

This might speed things up.

Download and install CCleaner

• CCleaner
  
• Double-click on the downloaded file ccsetup220_slim.exe and install the application.
  
• Keep the default installation folder C:\Program Files\CCleaner
  
• Click finish when done and close ALL PROGRAMS
  
• Start the CCleaner program.
  
• Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  
• Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  
• Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  
• Click on Run Cleaner button on the bottom right side of the program.
  
• Click OK to any prompts
  

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories.Please download this free anti-virus software...

• Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

Avira AntiVir Personal
Report file date: Saturday, July 17, 2010 22:32

Scanning for 2354648 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : USER-D4167E3C9C

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 21:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 03:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 06:27:44
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 06:27:54
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 06:27:55
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 06:27:55
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 06:27:56
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 06:27:56
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 06:27:56
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 06:27:56
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 06:27:58
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 06:27:59
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 06:28:00
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 06:28:00
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 06:28:02
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 06:28:03
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 06:28:04
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 06:28:05
VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 06:28:06
VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 06:28:07
VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 06:28:08
VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 06:28:09
VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 06:28:10
VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 06:28:10
VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 06:28:10
VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 06:28:11
VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 06:28:11
VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 06:28:11
VBASE031.VDF : 7.10.9.108 67584 Bytes 7/16/2010 06:28:12
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 7/18/2010 06:28:28
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/18/2010 06:28:28
AESCN.DLL : 8.1.6.1 127347 Bytes 7/18/2010 06:28:26
AESBX.DLL : 8.1.3.1 254324 Bytes 7/18/2010 06:28:29
AERDL.DLL : 8.1.4.6 541043 Bytes 7/18/2010 06:28:25
AEPACK.DLL : 8.2.2.6 430452 Bytes 7/18/2010 06:28:24
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/18/2010 06:28:23
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/18/2010 06:28:22
AEHELP.DLL : 8.1.11.6 242038 Bytes 7/18/2010 06:28:17
AEGEN.DLL : 8.1.3.14 381299 Bytes 7/18/2010 06:28:16
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/18/2010 06:28:15
AECORE.DLL : 8.1.15.4 192886 Bytes 7/18/2010 06:28:14
AEBB.DLL : 8.1.1.0 53618 Bytes 7/18/2010 06:28:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 21:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 21:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 01:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 21:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 21:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 21:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 18:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 21:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/17/2010 00:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 23:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 23:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, July 17, 2010 22:32

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'avguard.exe' - '57' Module(s) have been scanned
Scan process 'COCIManager.exe' - '47' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'LVComSer.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '17' Module(s) have been scanned
Scan process 'LVComSer.exe' - '38' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'dldtcoms.exe' - '76' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'skypePM.exe' - '54' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '73' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '35' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'Skype.exe' - '93' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '59' Module(s) have been scanned
Scan process 'dldtMsdMon.exe' - '50' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'dldtmon.exe' - '35' Module(s) have been scanned
Scan process 'Quickcam.exe' - '53' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '47' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'Explorer.EXE' - '126' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1040' files ).


Starting the file scan:

Begin scan in 'C:'
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\cgnpfaxgg\nwqaxictssd.exe.vir
[DETECTION] Is the TR/Drop.bty Trojan
C:\System Volume Information\_restore{7618BD40-6B8E-4000-98C9-EF44A4FB5810}\RP1229\A0064117.exe
[DETECTION] Is the TR/Drop.bty Trojan

Beginning disinfection:
C:\System Volume Information\_restore{7618BD40-6B8E-4000-98C9-EF44A4FB5810}\RP1229\A0064117.exe
[DETECTION] Is the TR/Drop.bty Trojan
[NOTE] The file was moved to the quarantine directory under the name '46e5172f.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\cgnpfaxgg\nwqaxictssd.exe.vir
[DETECTION] Is the TR/Drop.bty Trojan
[NOTE] The file was moved to the quarantine directory under the name '5eb33f30.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0cf4622e.qua'.


End of the scan: Saturday, July 17, 2010 23:55
Used time: 1:22:22 Hour(s)

The scan has been done completely.

5458 Scanned directories
278256 Files were scanned
2 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
278253 Files not concerned
1258 Archives were scanned
0 Warnings
3 Notes
322455 Objects were scanned with rootkit scan
2 Hidden objects were found

Your logs are fine. As for the slow start ups are not malware related. At the end of this post is a link that will help.

Please Uninstall logitec desktop messenger from add/remove you don't need it! Logitech is not a virus or anything, but it uses unnecessary system resources in your computer. And it's not used anymore as well.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Also see here for system improvement: Help! My computer is slow!

I am away from the home computer until tomorrow.. but will follow the above instructions when i get back.. thank you so much for all your help!

the internet seems to be working like it used to.. my computer is still slow so i will check out the other forum.. is there anything else i need to do ?

Your Computer is Clean



Some final items:

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  
• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  
• Next press the Apply button and then the OK to exit the Internet Properties page.
  

Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips