I followed all the instructions and will post the logs at the end of this, but check out the symptoms... my computer is just running very slowly, all around, won't let me connect to the internet, pretty much ignores any request I make to click on My Network Connections or My Computer, won't let my antivirus or firewall software load, and to top it all off displays a "WILL SHUT DOWN IN 30 SECONDS" window.
However, all of these problems are alleviated when I reboot my computer, ONLY IF I unplug the Ethernet cable before startup and connect it afterwards. The only issue then is that I can't use the internet with my firewall on, and thus have to turn it off to surf the web or play video games, leaving me vulnerable. Upon leaving the Ethernet cable plugged in and then rebooting, all the problems resurface... o_O
I've been dealing with the problem for about a week now, but the final straw came when I turned on my computer to find that it looks like it's running Windows 2000 (it's XP) and there isn't a sound device enabled... just had to get that off my chest.
Anywho,
OTL logfile created on: 9/10/2010 2:04:44 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rodrigo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 685.32 Gb Total Space | 518.24 Gb Free Space | 75.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 13.31 Gb Total Space | 12.98 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: Rawd
Current User Name: Rodrigo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/12 13:34:56 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
PRC - [2009/07/09 09:32:20 | 000,073,728 | ---- | M] (Elo Touchsystems) -- C:\WINDOWS\system32\EloSrvce.exe
PRC - [2009/04/20 14:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/07/01 10:01:04 | 001,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/12/21 0916 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/06/14 21:09:06 | 000,073,728 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/03/26 19:30:12 | 000,819,200 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
========== Modules (SafeList) ==========
MOD - [2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
MOD - [2009/04/20 14:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/09/03 14:15:04 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/09 09:32:20 | 000,073,728 | ---- | M] (Elo Touchsystems) [Auto | Running] -- C:\WINDOWS\system32\EloSrvce.exe -- (EloSystemService)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/07/01 10:08:00 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 0916 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rodrigo\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/22 14:18:28 | 000,055,680 | ---- | M] (Elo Touchsystems ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EloUsb.Sys -- (EloUsb)
DRV - [2009/06/22 14:18:28 | 000,048,640 | ---- | M] (Elo Touchsystems ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EloFiltr.sys -- (elomoufiltr)
DRV - [2009/06/05 12:46:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/02/13 17:49:30 | 005,029,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/01 10:04:38 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008/07/01 10:04:36 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/07/01 10:04:34 | 000,071,688 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008/07/01 09:57:14 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/07/01 0922 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/27 17:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2003/12/19 21:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 14:12:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 14:12:23 | 000,000,000 | ---D | M]
[2009/11/25 06:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Extensions
[2009/11/25 06:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/09/09 21:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions
[2010/06/03 01:28:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 01:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions\personas@christopher.beard
[2010/09/09 21:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/21 16:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/25 21:07:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Unable to start service SrService!
========== Files/Folders - Created Within 90 Days ==========
[2010/09/10 13:03:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
[2010/09/03 14:15:16 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/03 13:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\Sunbelt Software
[2010/09/03 13:50:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/02 21:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/02 21:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/02 11:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/02 11:33:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/17 22:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\My Documents\New Folder
[2010/06/22 14:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\PCHealth
[2010/06/22 13:52:48 | 000,000,000 | ---D | C] -- C:\1d9bdd49b3ab601db2d44af63a9e
[2010/06/18 22:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Application Data\Google
========== Files - Modified Within 90 Days ==========
[2010/09/10 14:05:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
[2010/09/10 13:57:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
[2010/09/10 13:44:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
[2010/09/10 13:02:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
[2010/09/10 12:55:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\HiJackThis.lnk
[2010/09/10 12:52:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 12:52:28 | 000,272,623 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/10 12:52:26 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/10 12:52:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 12:52:23 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 03:26:53 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 00:13:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/09 17:04:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 16:54:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 13:16:11 | 004,314,140 | -H-- | M] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\IconCache.db
[2010/09/06 13:44:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Rodrigo\NTUSER.DAT
[2010/09/05 18:27:45 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume.doc
[2010/09/04 21:09:25 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 20:20:04 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 20:20:04 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 20:20:04 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/03 13:50:33 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 13:50:33 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/01 09:03:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\ntuser.ini
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 08:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 20:16:25 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 20:16:25 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 20:29:28 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Microsoft Calculator Plus.lnk
[2010/07/27 21:02:29 | 000,023,871 | ---- | M] () -- C:\Documents and Settings\Rodrigo\My Documents\reaction paper.odt
[2010/07/22 00:23:55 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/14 14:26:50 | 001,028,608 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\w9form.doc
[2010/07/12 1356 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Rodrigo\My Documents\amef.doc
[2010/07/12 1303 | 000,284,442 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\AMEF.jpg
[2010/06/20 19:41:36 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume no references.doc
[2010/06/14 14:14:59 | 000,044,596 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Clipboard01.jpg
[2010/06/13 14:24:54 | 000,085,887 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\wu-tang-wu-tang.jpg
========== Files Created - No Company Name ==========
[2010/09/10 13:02:48 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
[2010/09/05 18:27:43 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume.doc
[2010/09/03 13:50:33 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 13:50:33 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/01 13:34:57 | 3488,862,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/27 21:02:28 | 000,023,871 | ---- | C] () -- C:\Documents and Settings\Rodrigo\My Documents\reaction paper.odt
[2010/07/22 00:23:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/14 14:26:47 | 001,028,608 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\w9form.doc
[2010/07/12 1353 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Rodrigo\My Documents\amef.doc
[2010/07/12 1303 | 000,284,442 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\AMEF.jpg
[2010/06/20 19:41:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume no references.doc
[2010/06/18 22:39:58 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/18 22:39:57 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/14 14:14:59 | 000,044,596 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Clipboard01.jpg
[2010/06/13 14:24:53 | 000,085,887 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\wu-tang-wu-tang.jpg
[2010/01/14 19:08:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/29 11:34:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/29 11:34:21 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/08/03 0154 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 0152 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 0152 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/20 15:37:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/29 13:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/29 13:53:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/29 13:53:02 | 000,000,771 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/29 13:53:02 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/06/29 13:53:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/29 13:53:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/26 17:14:11 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 23:27:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/25 21:59:35 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/06/25 21:59:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/06/25 15:43:34 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/20 14:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
========== LOP Check ==========
[2010/05/24 16:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/06/26 16:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/01/14 21:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/01/09 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/25 22:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/11 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2010/03/03 21:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/26 05:37:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{12DD4DFD-49D5-4382-9533-B21955C1FD4C}
[2009/12/25 03:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/03 13:50:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/05/24 16:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\acccore
[2009/06/26 16:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Azureus
[2009/11/24 03:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Blitware
[2009/10/31 08:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Camfrog
[2010/05/21 21:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Canneverbe Limited
[2010/01/09 1207 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\ESET
[2010/01/22 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\FMZilla
[2009/09/14 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Meebo
[2009/07/24 12:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\OpenOffice.org
[2010/09/10 05:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\uTorrent
[2010/09/10 00:13:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/10 13:57:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
[2010/09/10 14:05:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/09/10 12:52:20 | 000,037,921 | ---- | M] () -- C:\aaw7boot.log
[2009/06/25 21:07:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/02 18:00:22 | 000,000,002 | ---- | M] () -- C:\avenger.txt
[2009/06/26 00:48:41 | 010,001,714 | ---- | M] () -- C:\BellSouthIW.reg
[2010/03/02 20:40:16 | 000,014,000 | ---- | M] () -- C:\ComboFix.txt
[2009/06/25 21:07:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/10 12:52:23 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/25 21:07:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/24 16:27:25 | 000,000,920 | -H-- | M] () -- C:\IPH.PH
[2009/06/25 21:07:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/10 12:52:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/02 14:34:04 | 000,048,196 | ---- | M] () -- C:\TDSSKiller.txt
[2009/11/25 05:28:10 | 000,058,401 | ---- | M] () -- C:\WaxCrash.dmp
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/25 21:06:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/09 00:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/06/25 15:42:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/25 15:42:34 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/25 15:42:34 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/06/25 21:07:08 | 000,000,227 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2009/06/25 21:06:48 | 000,007,287 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ASPNETSetup.log
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/26 14:15:59 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/06/26 14:15:59 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/10 13:02:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
[2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/06/26 14:15:59 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/10 13:57:15 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
[2003/06/13 18:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AppLoc.exe
< %SYSTEMROOT%\inf\*.exe >
[2009/04/20 14:18:58 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< >
< >
< End of report >
OTL Extras logfile created on: 9/10/2010 2:04:44 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rodrigo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 685.32 Gb Total Space | 518.24 Gb Free Space | 75.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 13.31 Gb Total Space | 12.98 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: Rawd
Current User Name: Rodrigo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" =
"FirewallDisableNotify" = 0
"FirewallOverride" =
"FirstRunDisabled" =
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- File not found
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{60451544-C17E-4057-9273-5F10176472BD}" = Creative ZEN X-Fi Video Converter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}" = ESET Smart Security
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Camfrog 5.4" = Camfrog Video Chat 5.4
"Creative ZEN X-Fi Video Converter" = Creative ZEN X-Fi Video Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DMX5_is1" = DriverMax 5
"Foxit Reader" = Foxit Reader
"Guitar Pro 5_is1" = Guitar Pro 5.2
"hon" = Heroes of Newerth
"IrfanView" = IrfanView (remove only)
"Magic M4A to MP3 Converter_is1" = Magic M4A to MP3 Converter 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TabIt for Windows_is1" = TabIt version 2.01
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Meebo Notifier" = Meebo Notifier
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/3/2010 7:44:05 PM | Computer Name = Rawd | Source = Google Update | ID = 20
Description =
Error - 9/4/2010 9:44:05 AM | Computer Name = Rawd | Source = Google Update | ID = 20
Description =
Error - 9/4/2010 10:43:33 AM | Computer Name = Rawd | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 9/4/2010 10:43:33 AM | Computer Name = Rawd | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 9/4/2010 10:43:48 AM | Computer Name = Rawd | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 9/4/2010 10:43:48 AM | Computer Name = Rawd | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 9/4/2010 10:43:48 AM | Computer Name = Rawd | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 9/4/2010 10:43:48 AM | Computer Name = Rawd | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 9/4/2010 10:43:48 AM | Computer Name = Rawd | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 9/10/2010 12:52:47 PM | Computer Name = Rawd | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 9/10/2010 12:54:48 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7034
Description = The Distributed Link Tracking Client service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/10/2010 12:54:48 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7034
Description = The Windows Time service terminated unexpectedly. It has done this
1 time(s).
Error - 9/10/2010 12:54:48 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
Error - 9/10/2010 12:54:48 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7034
Description = The Automatic Updates service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/10/2010 12:54:48 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/10/2010 1:00:54 PM | Computer Name = Rawd | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 9/10/2010 1:01:51 PM | Computer Name = Rawd | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 9/10/2010 1:05:12 PM | Computer Name = Rawd | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 9/10/2010 2:04:51 PM | Computer Name = Rawd | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 9/10/2010 2:04:51 PM | Computer Name = Rawd | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 intelide.sys
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AE000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB8118000 Lbd.sys
0xB8128000 PxHelp20.sys
0xB7ED4000 KSecDD.sys
0xB7EC1000 WudfPf.sys
0xB7E34000 Ntfs.sys
0xB7E07000 NDIS.sys
0xB7DED000 Mup.sys
0xB8258000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6ECE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6EBA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6E96000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8430000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6E6E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6E4B000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB6E38000 \SystemRoot\system32\DRIVERS\ubohci.sys
0xB6E22000 \SystemRoot\system32\DRIVERS\UB1394.SYS
0xB8268000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8438000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8440000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6DFF000 \SystemRoot\system32\DRIVERS\ks.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0xB871B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6DE8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8448000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6DD7000 \SystemRoot\system32\DRIVERS\psched.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8450000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8458000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6D07000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85E0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6CA9000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DC1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8158000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB465C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB4638000 \SystemRoot\system32\drivers\portcls.sys
0xB8168000 \SystemRoot\system32\drivers\drmk.sys
0xB858C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87B7000 \SystemRoot\System32\Drivers\Null.SYS
0xB85E6000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8488000 \SystemRoot\System32\drivers\vga.sys
0xB85E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8490000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7DBD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3E61000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3E08000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3DCE000 \SystemRoot\system32\DRIVERS\epfwtdi.sys
0xB3DA8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB3D80000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3D5E000 \SystemRoot\System32\drivers\afd.sys
0xB8178000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3D33000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3CC3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8188000 \SystemRoot\System32\Drivers\Fips.SYS
0xB84A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB8198000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB6C58000 \SystemRoot\System32\Drivers\BrScnUsb.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB81C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB81D8000 \SystemRoot\System32\Drivers\nx6000.sys
0xB3C05000 \SystemRoot\System32\Drivers\usbvideo.sys
0xB81E8000 \SystemRoot\system32\drivers\usbaudio.sys
0xB4634000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8350000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8218000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3BC5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4614000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8370000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86D8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB35D1000 \SystemRoot\system32\DRIVERS\epfw.sys
0xB3BF1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3775000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB3375000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB32D8000 \SystemRoot\system32\DRIVERS\eamon.sys
0xB3259000 \SystemRoot\system32\DRIVERS\srv.sys
0xB317C000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3401000 \SystemRoot\system32\drivers\sysaudio.sys
0xB32D4000 \SystemRoot\system32\DRIVERS\ubsbm.sys
0xB31E9000 \SystemRoot\system32\DRIVERS\ubumapi.sys
0xB31AD000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xB2942000 \??\C:\DOCUME~1\Rodrigo\LOCALS~1\Temp\pxtdrpob.sys
0xB1B76000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 41):
0 System Idle Process
4 System
888 C:\WINDOWS\system32\smss.exe
944 csrss.exe
968 C:\WINDOWS\system32\winlogon.exe
1012 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1204 C:\WINDOWS\system32\nvsvc32.exe
1224 C:\WINDOWS\system32\svchost.exe
1312 svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1576 svchost.exe
1600 svchost.exe
1780 C:\WINDOWS\system32\brsvc01a.exe
1796 C:\WINDOWS\system32\brss01a.exe
1804 C:\WINDOWS\system32\spoolsv.exe
1868 svchost.exe
1912 C:\WINDOWS\system32\Brmfrmps.exe
1944 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1964 C:\WINDOWS\system32\EloSrvce.exe
1992 C:\Program Files\Java\jre6\bin\jqs.exe
2012 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
2036 C:\Program Files\CDBurnerXP\NMSAccessU.exe
364 C:\WINDOWS\system32\svchost.exe
516 C:\Program Files\UPHClean\uphclean.exe
684 C:\WINDOWS\explorer.exe
804 C:\WINDOWS\system32\TaskSwitch.exe
812 C:\WINDOWS\RTHDCPL.EXE
564 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
872 C:\WINDOWS\system32\ctfmon.exe
1252 C:\WINDOWS\system32\svchost.exe
1276 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
3996 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
3256 alg.exe
3328 C:\WINDOWS\system32\svchost.exe
1504 C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
1564 C:\WINDOWS\system32\notepad.exe
2200 C:\Program Files\Mozilla Firefox\firefox.exe
248 C:\WINDOWS\explorer.exe
1672 C:\Program Files\Mozilla Firefox\plugin-container.exe
2384 C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x000000ab`550ef000 (NTFS)
PhysicalDrive0 Model Number: ST3750630AS, Rev: HP26
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 33F35FE854431BFA9832D54D96771775F18EF778
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-10 13:54:37
Windows 5.1.2600 Service Pack 3
Running: vg8gptfv.exe; Driver: C:\DOCUME~1\Rodrigo\LOCALS~1\Temp\pxtdrpob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB811887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8118BFE]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB31AD6D0]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6ECE360, 0x32E00D, 0xE8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[216] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1040098F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1944] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2200] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/10/2010 2:34:25 PM
mbam-log-2010-09-10 (14-34-25).txt
Scan type: Quick Scan
Objects scanned: 122827
Time elapsed: 2 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And although the instructions didn't specify, I took the liberty of making a HijackThis log as well!
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:45:47 PM, on 9/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\macromed\flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B55EEA5-2D2D-4CB8-8E07-FD7CE824D02D}: NameServer = 205.152.144.23 205.152.132.23
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6101 bytes
also, I've been getting a BLUE SCREEN error that shuts down windows, something along the lines of killing a process in order to prevent damage or something?
I was scared it was the infamous blue screen of death but it's not.
I forgot what it said, but it just happened about 10 minutes ago and I got the following notifications when I rebooted:
We don't use HJT around here anymore.
You're infected with a bootkit.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
here ya go:
ComboFix 10-09-09.04 - Rodrigo 09/11/2010 11:28:26.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2834 [GMT -4:00]
Running from: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-11 00:25 . 2010-09-11 00:25 101280 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-04 00:21 . 2010-07-27 06:28 8463360 ------w- c:\windows\system32\dllcache\shell32.dll
2010-09-04 00:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-03 18:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-03 17:50 . 2010-09-03 17:50 -------- d-----w- c:\documents and settings\Rodrigo\Local Settings\Application Data\Sunbelt Software
2010-09-03 17:50 . 2010-09-03 17:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 17:50 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 23:46 . 2010-05-10 23:29 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\Skype
2010-09-10 22:15 . 2010-05-11 00:34 -------- d-----w- c:\program files\Heroes of Newerth
2010-09-10 22:08 . 2009-06-29 01:27 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\skypePM
2010-09-10 09:07 . 2009-06-26 20:54 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\uTorrent
2010-09-10 07:19 . 2010-03-09 03:13 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\vlc
2010-09-06 15:16 . 2009-07-24 16:34 1 ----a-w- c:\documents and settings\Rodrigo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 00:08 . 2010-06-08 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-01 17:41 . 2010-02-24 20:47 -------- d-----w- c:\program files\QuickTime
2010-09-01 17:40 . 2009-06-26 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-01 13:04 . 2009-07-09 05:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-01 13:02 . 2009-06-26 09:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-01 13:00 . 2009-08-21 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-12 12:15 . 2010-02-23 18:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-22 04:23 . 2010-07-22 04:23 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-30 12:23 . 2009-04-20 18:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2009-04-20 18:19 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 14:18 . 2009-04-20 18:18 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-06-26 01:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:39 . 2009-04-20 18:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2008-08-25 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-31 . E9EEB38B858B637F4F8FA3401F325DC5 . 13824 . . [5.1.2600.3244] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_00.33.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 15:23 . 2010-09-11 15:23 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
"FlashPlayerUpdate"="c:\windows\system32\macromed\flash\FlashUtil10b.exe" [2009-04-20 240544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-6-29 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/3/2010 2:15 PM 64288]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [6/26/2009 4:20 AM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [6/26/2009 4:20 AM 36352]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/28/2009 7:31 PM 30560]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [6/26/2009 4:20 AM 77056]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/25/2009 11:10 PM 1684736]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [11/5/2009 7:23 PM 48640]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [11/5/2009 7:23 PM 55680]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 8:00 AM 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:15]
2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-11 11:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1528)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-11 11:32:47
ComboFix-quarantined-files.txt 2010-09-11 15:32
ComboFix2.txt 2010-09-11 00:34
ComboFix3.txt 2010-03-03 00:40
Pre-Run: 562,395,164,672 bytes free
Post-Run: 562,376,556,544 bytes free
- - End Of File - - CEB7962CCDAC7D55FF9D8B6595F605FB
You ran Combofix twice (why?)
Navigate to C:\Qoobox and post ComboFix2.txt content.
the first time I ran it I had to leave my house and didn't get to copy/paste the log so I just ran it a second time.
here's combofix2:
ComboFix 10-09-09.04 - Rodrigo 09/10/2010 20:27:14.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2945 [GMT -4:00]
Running from: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Custom Settings\ToggleQL.exe
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-11 00:25 . 2010-09-11 00:25 101280 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-04 00:21 . 2010-07-27 06:28 8463360 ------w- c:\windows\system32\dllcache\shell32.dll
2010-09-04 00:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-03 18:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-03 17:50 . 2010-09-03 17:50 -------- d-----w- c:\documents and settings\Rodrigo\Local Settings\Application Data\Sunbelt Software
2010-09-03 17:50 . 2010-09-03 17:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 17:50 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 23:46 . 2010-05-10 23:29 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\Skype
2010-09-10 22:15 . 2010-05-11 00:34 -------- d-----w- c:\program files\Heroes of Newerth
2010-09-10 22:08 . 2009-06-29 01:27 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\skypePM
2010-09-10 09:07 . 2009-06-26 20:54 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\uTorrent
2010-09-10 07:19 . 2010-03-09 03:13 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\vlc
2010-09-06 15:16 . 2009-07-24 16:34 1 ----a-w- c:\documents and settings\Rodrigo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 00:08 . 2010-06-08 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-01 17:41 . 2010-02-24 20:47 -------- d-----w- c:\program files\QuickTime
2010-09-01 17:40 . 2009-06-26 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-01 13:04 . 2009-07-09 05:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-01 13:02 . 2009-06-26 09:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-01 13:00 . 2009-08-21 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-12 12:15 . 2010-02-23 18:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-22 04:23 . 2010-07-22 04:23 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-30 12:23 . 2009-04-20 18:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2009-04-20 18:19 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 14:18 . 2009-04-20 18:18 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-06-26 01:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:39 . 2009-04-20 18:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2008-08-25 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-31 . E9EEB38B858B637F4F8FA3401F325DC5 . 13824 . . [5.1.2600.3244] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
"FlashPlayerUpdate"="c:\windows\system32\macromed\flash\FlashUtil10b.exe" [2009-04-20 240544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-6-29 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/3/2010 2:15 PM 64288]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [6/26/2009 4:20 AM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [6/26/2009 4:20 AM 36352]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/28/2009 7:31 PM 30560]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [6/26/2009 4:20 AM 77056]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/25/2009 11:10 PM 1684736]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [11/5/2009 7:23 PM 48640]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [11/5/2009 7:23 PM 55680]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 8:00 AM 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:15]
2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-10 20:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
.
Completion time: 2010-09-10 20:34:58
ComboFix-quarantined-files.txt 2010-09-11 00:34
ComboFix2.txt 2010-03-03 00:40
Pre-Run: 560,569,147,392 bytes free
Post-Run: 562,393,837,568 bytes free
- - End Of File - - FB2F93CEF8C0AF947A3E5D18944009A7
How is computer doing at the moment?
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
computer is running slightly smoother, I guess.
Antivirus/Firewall is disabled, no issues.
here's the log:
ComboFix 10-09-12.04 - Rodrigo 09/13/2010 11:57:15.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2853 [GMT -4:00]
Running from: c:\documents and settings\Rodrigo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rodrigo\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.
2010-09-11 00:25 . 2010-09-11 00:25 101280 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-04 00:21 . 2010-07-27 06:28 8463360 ------w- c:\windows\system32\dllcache\shell32.dll
2010-09-04 00:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-03 18:15 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-03 17:50 . 2010-09-03 17:50 -------- d-----w- c:\documents and settings\Rodrigo\Local Settings\Application Data\Sunbelt Software
2010-09-03 17:50 . 2010-09-03 17:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 17:50 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 03:16 . 2010-05-10 23:29 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\Skype
2010-09-13 02:32 . 2009-06-29 01:27 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\skypePM
2010-09-12 16:33 . 2010-03-09 03:13 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\vlc
2010-09-10 22:15 . 2010-05-11 00:34 -------- d-----w- c:\program files\Heroes of Newerth
2010-09-10 09:07 . 2009-06-26 20:54 -------- d-----w- c:\documents and settings\Rodrigo\Application Data\uTorrent
2010-09-06 15:16 . 2009-07-24 16:34 1 ----a-w- c:\documents and settings\Rodrigo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 00:08 . 2010-06-08 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-01 17:41 . 2010-02-24 20:47 -------- d-----w- c:\program files\QuickTime
2010-09-01 17:40 . 2009-06-26 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-01 13:04 . 2009-07-09 05:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-01 13:02 . 2009-06-26 09:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-01 13:00 . 2009-08-21 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-12 12:15 . 2010-02-23 18:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-22 04:23 . 2010-07-22 04:23 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-30 12:23 . 2009-04-20 18:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2009-04-20 18:19 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 14:18 . 2009-04-20 18:18 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2008-08-25 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-31 . E9EEB38B858B637F4F8FA3401F325DC5 . 13824 . . [5.1.2600.3244] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_00.33.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 15:23 . 2010-09-11 15:23 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
"FlashPlayerUpdate"="c:\windows\system32\macromed\flash\FlashUtil10b.exe" [2009-04-20 240544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-6-29 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/3/2010 2:15 PM 64288]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [6/26/2009 4:20 AM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [6/26/2009 4:20 AM 36352]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/28/2009 7:31 PM 30560]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [6/26/2009 4:20 AM 77056]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/25/2009 11:10 PM 1684736]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [11/5/2009 7:23 PM 48640]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [11/5/2009 7:23 PM 55680]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 8:00 AM 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 18:15]
2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: {3B55EEA5-2D2D-4CB8-8E07-FD7CE824D02D} = 205.152.144.23 205.152.132.23
FF - ProfilePath - c:\documents and settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-13 12:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ba,04,f8,d1,5c,d2,4b,b6,0b,d9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-13 12:01:35
ComboFix-quarantined-files.txt 2010-09-13 16:01
ComboFix2.txt 2010-09-11 15:32
ComboFix3.txt 2010-09-11 00:34
ComboFix4.txt 2010-03-03 00:40
Pre-Run: 562,191,327,232 bytes free
Post-Run: 562,172,276,736 bytes free
- - End Of File - - D53AB1C08985E9B15EBA990A3B5471EF
Looks good.
Please re-run OTL "Quick scan" and post the new log. It'll create only one log.
Here ya go:
OTL logfile created on: 9/14/2010 9:55:46 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rodrigo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 685.32 Gb Total Space | 523.25 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 13.31 Gb Total Space | 12.98 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: Rawd
Current User Name: Rodrigo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
PRC - [2010/09/09 14:12:21 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/09 14:12:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 21:27:07 | 000,818,888 | ---- | M] (Meebo, Inc.) -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/09 09:32:20 | 000,073,728 | ---- | M] (Elo Touchsystems) -- C:\WINDOWS\system32\EloSrvce.exe
PRC - [2009/04/20 14:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/07/01 10:01:04 | 001,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/12/21 0916 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/06/14 21:09:06 | 000,073,728 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/03/26 19:30:12 | 000,819,200 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
========== Modules (SafeList) ==========
MOD - [2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
MOD - [2009/04/20 14:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/09/03 14:15:04 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/09 09:32:20 | 000,073,728 | ---- | M] (Elo Touchsystems) [Auto | Running] -- C:\WINDOWS\system32\EloSrvce.exe -- (EloSystemService)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/07/01 10:08:00 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/12/21 0916 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rodrigo\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/22 14:18:28 | 000,055,680 | ---- | M] (Elo Touchsystems ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EloUsb.Sys -- (EloUsb)
DRV - [2009/06/22 14:18:28 | 000,048,640 | ---- | M] (Elo Touchsystems ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EloFiltr.sys -- (elomoufiltr)
DRV - [2009/06/05 12:46:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/02/13 17:49:30 | 005,029,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/01 10:04:38 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008/07/01 10:04:36 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/07/01 10:04:34 | 000,071,688 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008/07/01 09:57:14 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/07/01 0922 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/27 17:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 22:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2003/12/19 21:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/09 14:12:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 14:12:23 | 000,000,000 | ---D | M]
[2009/11/25 06:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Extensions
[2009/11/25 06:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/09/13 23:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions
[2010/06/03 01:28:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 01:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Profiles\o6ttki7f.default\extensions\personas@christopher.beard
[2010/09/13 23:43:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/21 16:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
O1 HOSTS File: ([2010/09/10 20:33:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rodrigo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/25 21:07:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/10 20:22:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/10 20:22:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/10 20:22:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/10 20:22:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/10 20:22:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/10 13:03:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
[2010/09/03 14:15:16 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/03 13:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\Sunbelt Software
[2010/09/03 13:50:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/02 21:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/02 21:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/02 11:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/02 11:33:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/17 22:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\My Documents\New Folder
[2010/06/22 14:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\PCHealth
[2010/06/22 13:52:48 | 000,000,000 | ---D | C] -- C:\1d9bdd49b3ab601db2d44af63a9e
[2010/06/18 22:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Application Data\Google
========== Files - Modified Within 90 Days ==========
[2010/09/14 21:55:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
[2010/09/14 18:12:59 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
[2010/09/14 00:13:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/13 18:41:14 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/13 16:27:26 | 000,272,623 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/13 16:27:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 16:27:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 16:27:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 16:27:18 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 12:00:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/13 11:55:25 | 003,843,568 | R--- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe
[2010/09/12 16:15:42 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 16:12:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\HiJackThis.lnk
[2010/09/11 03:06:21 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Rodrigo\NTUSER.DAT
[2010/09/11 03:05:54 | 003,778,218 | -H-- | M] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\IconCache.db
[2010/09/10 20:33:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/10 17:40:09 | 000,073,901 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\wtf is going on.jpg
[2010/09/10 17:32:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\ntuser.ini
[2010/09/10 13:04:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rodrigo\Desktop\OTL.exe
[2010/09/10 13:02:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
[2010/09/05 18:27:45 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume.doc
[2010/09/04 21:09:25 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 20:20:04 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 20:20:04 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 20:20:04 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/03 13:50:33 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 13:50:33 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 08:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/04 20:16:25 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/04 20:16:25 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/28 20:29:28 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Microsoft Calculator Plus.lnk
[2010/07/27 21:02:29 | 000,023,871 | ---- | M] () -- C:\Documents and Settings\Rodrigo\My Documents\reaction paper.odt
[2010/07/22 00:23:55 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/14 14:26:50 | 001,028,608 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\w9form.doc
[2010/07/12 1356 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Rodrigo\My Documents\amef.doc
[2010/07/12 1303 | 000,284,442 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\AMEF.jpg
[2010/06/20 19:41:36 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume no references.doc
========== Files Created - No Company Name ==========
[2010/09/10 20:25:18 | 000,101,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/10 20:22:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/10 20:22:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/10 20:22:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/10 20:22:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/10 20:22:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/10 19:50:27 | 003,843,568 | R--- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe
[2010/09/10 17:40:09 | 000,073,901 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\wtf is going on.jpg
[2010/09/10 17:33:32 | 3488,862,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/10 13:02:48 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\MBRCheck.exe
[2010/09/05 18:27:43 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume.doc
[2010/09/03 13:50:33 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 13:50:33 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/27 21:02:28 | 000,023,871 | ---- | C] () -- C:\Documents and Settings\Rodrigo\My Documents\reaction paper.odt
[2010/07/22 00:23:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/14 14:26:47 | 001,028,608 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\w9form.doc
[2010/07/12 1353 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Rodrigo\My Documents\amef.doc
[2010/07/12 1303 | 000,284,442 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\AMEF.jpg
[2010/06/20 19:41:23 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Desktop\Resume no references.doc
[2010/01/14 19:08:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/29 11:34:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/29 11:34:21 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/08/03 0154 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 0154 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 0152 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 0152 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/20 15:37:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/29 13:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/29 13:53:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/29 13:53:02 | 000,000,771 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/29 13:53:02 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/06/29 13:53:02 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/29 13:53:01 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/26 17:14:11 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Rodrigo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 23:27:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/25 21:59:35 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/06/25 21:59:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/06/25 15:43:34 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/20 14:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
========== LOP Check ==========
[2010/05/24 16:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/06/26 16:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/01/14 21:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/01/09 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/25 22:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/11 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2010/03/03 21:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/26 05:37:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{12DD4DFD-49D5-4382-9533-B21955C1FD4C}
[2009/12/25 03:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/03 13:50:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/05/24 16:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\acccore
[2009/06/26 16:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Azureus
[2009/11/24 03:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Blitware
[2009/10/31 08:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Camfrog
[2010/05/21 21:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Canneverbe Limited
[2010/01/09 1207 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\ESET
[2010/01/22 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\FMZilla
[2009/09/14 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\Meebo
[2009/07/24 12:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\OpenOffice.org
[2010/09/14 19:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Application Data\uTorrent
[2010/09/14 00:13:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/14 18:12:59 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B101C39-28AA-4D42-A2A7-ECD583DFC838}.job
[2010/09/14 21:55:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E01CF51F-E590-4F71-9873-26E382FC3185}.job
========== Purity Check ==========
< End of report >