Solved Followed 8 Steps, still getting malware


allclearhere

Hi guys. I had a bit of a snowballing virus problem this week. So I tried the 8 Steps (including the Avira > Malwarebytes > GMER > DDS sequence) but I am still getting malware attacks, particularly while using Internet Explorer. But I'm not sure what else might be happening while I'm not connected to the internet.

If it means anything, BEFORE I did the 8 Steps I tried to remove the problem(s) using Spybot, AVG, registered version of Malwarebytes (quick then full then flash scan) in that order both in safe and normal mode - it cleaned up a lot of things but whatever it is seems to be coming back.

Then I did the 8 Steps.

After the 8 Steps I did a HijackThis just FYI, not sure if that affects anything.

Anyway here are my log files (MALWAREBYTES, GMER, DDS, ATTACH, HIJACKTHIS). Hopefully, you guys can help me fix this problem as I've had to restore this computer once in the past and I really really would like to not have to do that again. Thanks.


MALWAREBYTES

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2011 12:08:09 PM
mbam-log-2011-01-21 (12-08-09).txt

Scan type: Quick scan
Objects scanned: 154512
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-21 12:19:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD1600JS-75NCB1 rev.10.02E01
Running: gmqf4psi.exe; Driver: C:\DOCUME~1\AL09C6~1\LOCALS~1\Temp\pwloapod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E765DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E82120]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A64339B
Device \Driver\atapi \Device\Ide\IdePort0 8A5282E8
Device \Driver\atapi \Device\Ide\IdePort0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A64339B
Device \Driver\atapi \Device\Ide\IdePort1 8A5282E8
Device \Driver\atapi \Device\Ide\IdePort1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 8A64339B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A5282E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A64339B
Device \Driver\atapi \Device\Ide\IdePort2 8A5282E8
Device \Driver\atapi \Device\Ide\IdePort2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8A64339B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A5282E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c
Device \FileSystem\Ntfs \Ntfs 8A6DE1F8

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&289960e9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Modules - GMER 1.0.15 ----

Module _________ B9D03000-B9D1B000 (98304 bytes)

---- EOF - GMER 1.0.15 ----


DDS


DDS (Ver_10-12-12.02) - NTFSx86
Run by A L at 12:22:31.68 on Fri 01/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1345 [GMT -8:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\A L\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp:///
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\windows\ifuhocozisijih.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARwA5AEIANwAtAEIARwA3AFcAQwAtAFAAWABSAEMAUgAtAEoASwBBAEgATAAtAEgARQBNAEIAUgA"&"inst=NwA2AC0ANgA5ADEANgAzADcAOQAzADgALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
SSODL: sevehuyot - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: kupuhivus: {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll
STS: {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - No File
STS: jugezatag: {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
STS: mujuzedij: {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
LSA: Notification Packages = scecli waners.dll lepopoka.dll

============= SERVICES / DRIVERS ===============

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2010-3-13 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2010-3-13 5248]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-21 11608]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-12-21 80640]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-21 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-21 61960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-19 363344]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-21 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-12-21 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-21 122368]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-5 91456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-19 20952]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-12-21 114464]
S0 wrkmlkcz;wrkmlkcz;c:\windows\system32\drivers\pmaaegsb.sys [2011-1-20 53888]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\a l\desktop\ts-h492c_ci06.bin --> c:\documents and settings\a l\desktop\TS-H492C_CI06.bin [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-21 245760]

=============== Created Last 30 ================

2011-01-21 17:36:49 -------- d-----w- c:\docume~1\al09c6~1\applic~1\Avira
2011-01-21 17:27:08 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-21 17:27:05 -------- d-----w- c:\program files\Avira
2011-01-21 17:27:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-21 08:03:17 -------- d-----w- c:\windows\pss
2011-01-20 19:35:11 53888 ----a-w- c:\windows\system32\drivers\pmaaegsb.sys
2011-01-20 11:37:22 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-01-20 11:37:22 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2011-01-20 11:37:22 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2011-01-20 11:37:22 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2011-01-20 11:37:21 98304 ----a-w- c:\windows\system32\msir3jp.dll
2011-01-20 11:37:21 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-20 11:37:21 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2011-01-20 11:37:21 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-20 11:37:21 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2011-01-20 11:37:18 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-01-20 05:33:12 -------- d-----w- c:\docume~1\al09c6~1\applic~1\Malwarebytes
2011-01-20 05:18:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 05:18:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-20 05:17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 05:17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 08:10:52 -------- d-----w- c:\program files\AVG
2011-01-19 07:44:51 -------- d-----w- c:\docume~1\al09c6~1\locals~1\applic~1\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}
2011-01-18 04:48:21 -------- d-----w- c:\program files\Windows Media Connect 2
2011-01-18 04:47:42 -------- d-----w- C:\1b83767d15ac5b981e43347c
2011-01-18 04:46:45 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
2011-01-18 04:46:36 -------- d-----w- c:\windows\system32\LogFiles
2011-01-18 04:46:11 -------- d-----w- C:\205ebe4aa73d14f925
2011-01-18 03:35:00 237568 ----a-w- c:\windows\system32\lame_enc.dll
2011-01-18 03:34:57 -------- d-----w- c:\program files\FreeCDRipper
2011-01-18 02:28:08 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-01-18 02:28:08 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-01-18 02:28:08 110080 ------w- c:\windows\system32\pxinsi64.exe
2011-01-18 02:28:08 109056 ------w- c:\windows\system32\pxcpyi64.exe
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\snap
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\sample
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\rom
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\nvram
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\memcard
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\inp
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\image
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\hi
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\diff
2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\artwork

==================== Find3M ====================

2011-01-19 08:01:36 0 ----a-w- c:\windows\Odacimaf.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A643555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6497b0]; MOV EAX, [0x8a64982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A5CAD78]
\Driver\atapi[0x8A6C6AB0] -> IRP_MJ_CREATE -> 0x8A643555
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&289960e9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A64339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 12:24:39.15 ===============
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Attach.txt part of DDS is missing.
Please, post it.

You're running two AV programs, McAfee and Avira.
One of them has to go.
If McAfee (preferably), make sure to use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Now, you're infected with a rootkit...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
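The "Pseudo HJT Report" section of the DDS log above is what a helper reads to decide where to look first. The Python below is an added illustration of that reading; it is example code written for this page, not code from DDS, GMER, Malwarebytes, TDSSKiller or the forum. It applies three defender-side triage heuristics to lines in the shape of that report: a BHO registered with no friendly name, a DLL loaded from a browser or shell extension point whose file name is a pronounceable consonant-vowel string, and any LSA Notification Package beyond the default scecli. The sample lines, the rule names and the heuristics themselves are constructed for this example; the output is a list of entries to inspect, not a verdict that they are malicious.

```python
"""Triage heuristics for a DDS "Pseudo HJT Report" section.

Added example for this thread; it is not code from DDS, GMER, Malwarebytes,
TDSSKiller or the forum. It reads the extension-point lines that DDS prints
(BHO, SSODL, STS, LSA) and flags the ones a helper would look at first.
Every rule below is an assumption of this example, not DDS behaviour.
"""
from __future__ import annotations

import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: lines in the shape of the DDS report earlier in the
# thread (same entry types, trimmed to a handful of lines).
SAMPLE_LOG = r"""
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
BHO: {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\windows\ifuhocozisijih.dll
SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: kupuhivus: {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll
STS: {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - No File
LSA: Notification Packages = scecli waners.dll lepopoka.dll
"""

# Pronounceable consonant-vowel-consonant-vowel names (pabipihe, bekoduya)
# are typical of auto-generated file names.  This is a heuristic: a real
# lowercase name such as "userinit" matches it too, which is why it is only
# applied to DLLs loaded from extension points, never to the whole process list.
_CV_NAME = re.compile(r"[aeiou]?(?:[^aeiou][aeiou]){3,}[^aeiou]?")


def looks_random(stem: str) -> bool:
    """True for lowercase, purely alphabetic, syllable-like names of 6+ letters."""
    return (len(stem) >= 6 and stem.isalpha() and stem.islower()
            and _CV_NAME.fullmatch(stem) is not None)


def _stem(path: str) -> str:
    """File name without directory or extension, using Windows path rules."""
    return PureWindowsPath(path.strip()).stem


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, module_stem) pairs, one per suspicious observation."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(":", 1)[0]
        if kind == "LSA" and "Notification Packages" in line:
            # On a default Windows XP install this value holds only scecli.
            # Anything else listed here is loaded into LSASS at boot and is
            # notified of password changes, so it deserves a look whatever
            # its name.
            for pkg in line.split("=", 1)[1].split():
                if _stem(pkg).lower() != "scecli":
                    findings.append(("lsa_extra_package", _stem(pkg)))
            continue
        if kind not in ("BHO", "SSODL", "STS"):
            continue
        target = line.split(" - ")[-1]
        if target == "No File":        # orphaned registration, nothing to load
            continue
        stem = _stem(target)
        if kind == "BHO" and line.startswith("BHO: {"):
            # DDS prints the COM friendly name before the CLSID; an entry
            # with no name at all is unusual for properly installed add-ons.
            findings.append(("bho_without_name", stem))
        if looks_random(stem):
            findings.append(("random_looking_name", stem))
    return findings


def suspicious_modules(log_text: str) -> dict[str, set[str]]:
    """Group findings by module so each DLL is reported once with all its rules."""
    grouped: dict[str, set[str]] = defaultdict(set)
    for rule, stem in triage(log_text):
        grouped[stem].add(rule)
    return dict(grouped)


if __name__ == "__main__":
    for stem, rules in sorted(suspicious_modules(SAMPLE_LOG).items()):
        print(f"{stem:16} {', '.join(sorted(rules))}")
```

Run on the constructed sample it lists pabipihe and ifuhocozisijih under two rules each, bekoduya and foweriyo under the name heuristic, and waners and lepopoka under the LSA rule, while AcroIEHelper and WPDShServiceObj are not reported. The name heuristic on its own is weak evidence; the point of grouping by module is that an entry hit by two independent rules, or sitting in a location like the LSA packages list where almost nothing legitimate belongs, rises to the top of the list to check.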
 
Hi Broni, thanks for your reply. Here is the Attach.txt log and also the HijackThis if you need it (I couldn't include them originally because I was over the 50,000 posting limit and my thread wasn't quite cleared yet for me to append the other logs.)

I'll get started right now on your instructions and get back to you. Here you go...



ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/13/2009 9:38:25 PM
System Uptime: 1/21/2011 11:52:12 AM (1 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 47.946 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP493: 10/19/2010 11:22:09 PM - System Checkpoint
RP494: 10/24/2010 6:24:59 PM - System Checkpoint
RP495: 10/28/2010 1:47:31 AM - Software Distribution Service 3.0
RP496: 10/29/2010 3:00:24 AM - Software Distribution Service 3.0
RP497: 10/31/2010 10:29:56 AM - System Checkpoint
RP498: 11/2/2010 1:22:02 AM - System Checkpoint
RP499: 11/3/2010 2:35:37 AM - System Checkpoint
RP500: 11/4/2010 7:33:23 PM - System Checkpoint
RP501: 11/6/2010 12:22:36 PM - System Checkpoint
RP502: 11/7/2010 8:16:13 PM - System Checkpoint
RP503: 11/9/2010 8:52:24 PM - System Checkpoint
RP504: 11/10/2010 1:27:38 AM - Software Distribution Service 3.0
RP505: 11/11/2010 1:46:04 AM - System Checkpoint
RP506: 11/12/2010 9:23:54 PM - System Checkpoint
RP507: 11/14/2010 11:20:16 PM - System Checkpoint
RP508: 11/18/2010 8:55:39 PM - System Checkpoint
RP509: 11/20/2010 1:52:06 AM - System Checkpoint
RP510: 11/21/2010 2:29:03 AM - System Checkpoint
RP511: 11/22/2010 10:58:43 PM - System Checkpoint
RP512: 11/24/2010 9:17:32 PM - System Checkpoint
RP513: 11/26/2010 12:41:05 AM - System Checkpoint
RP514: 11/27/2010 1:53:23 AM - System Checkpoint
RP515: 11/28/2010 2:07:26 AM - System Checkpoint
RP516: 11/29/2010 3:47:12 AM - System Checkpoint
RP517: 12/1/2010 9:29:45 PM - System Checkpoint
RP518: 12/2/2010 10:22:11 PM - System Checkpoint
RP519: 12/5/2010 10:20:20 PM - System Checkpoint
RP520: 12/7/2010 1:55:18 AM - System Checkpoint
RP521: 12/8/2010 2:31:22 AM - System Checkpoint
RP522: 12/11/2010 9:50:43 PM - System Checkpoint
RP523: 12/13/2010 11:05:28 PM - System Checkpoint
RP524: 12/15/2010 11:27:22 PM - Software Distribution Service 3.0
RP525: 12/17/2010 6:19:50 AM - System Checkpoint
RP526: 12/18/2010 6:58:24 AM - System Checkpoint
RP527: 12/19/2010 7:40:15 AM - System Checkpoint
RP528: 12/22/2010 11:51:06 AM - System Checkpoint
RP529: 12/24/2010 1:50:31 AM - System Checkpoint
RP530: 12/25/2010 2:42:27 AM - System Checkpoint
RP531: 12/27/2010 12:09:04 PM - System Checkpoint
RP532: 12/28/2010 6:49:21 PM - System Checkpoint
RP533: 12/31/2010 1:33:24 AM - System Checkpoint
RP534: 1/2/2011 3:29:20 AM - System Checkpoint
RP535: 1/4/2011 10:47:55 PM - System Checkpoint
RP536: 1/6/2011 3:00:18 AM - Software Distribution Service 3.0
RP537: 1/8/2011 1:17:42 AM - System Checkpoint
RP538: 1/9/2011 2:45:02 PM - System Checkpoint
RP539: 1/11/2011 10:09:36 PM - System Checkpoint
RP540: 1/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP541: 1/13/2011 5:13:54 PM - System Checkpoint
RP542: 1/14/2011 9:13:34 PM - System Checkpoint
RP543: 1/16/2011 12:19:24 PM - System Checkpoint
RP544: 1/17/2011 5:11:40 PM - Installed HP USB Disk Storage Format Tool
RP545: 1/17/2011 6:01:33 PM - Removed HP USB Disk Storage Format Tool
RP546: 1/17/2011 8:40:38 PM - Installed Windows Media Player 10
RP547: 1/17/2011 8:45:11 PM - Software Distribution Service 3.0
RP548: 1/18/2011 1:20:44 AM - Software Distribution Service 3.0
RP549: 1/18/2011 7:28:02 AM - Software Distribution Service 3.0
RP550: 1/19/2011 12:10:47 AM - Installed AVG 9.0
RP551: 1/19/2011 12:15:33 AM - Avg8 Update
RP552: 1/19/2011 12:17:07 AM - Avg8 Update
RP553: 1/19/2011 12:26:12 AM - Avg8 Update
RP554: 1/19/2011 3:09:41 PM - Avg Update
RP555: 1/19/2011 4:11:00 PM - Avg Update
RP556: 1/19/2011 9:36:29 PM - Removed AVG 9.0
RP557: 1/19/2011 9:39:00 PM - Installed AVG 9.0

==== Installed Programs ======================


µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
America Online (Choose which version to remove)
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Software Update
ASIO4ALL
ATI Control Panel
ATI Display Driver
Avanquest update
Avira AntiVir Personal - Free Antivirus
Corel Photo Album 6
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
DivX Setup
Download Updater (AOL LLC)
EarthLink setup files
EducateU
ESPNMotion
FastStone Image Viewer 4.0
FL Studio 9
GemMaster Mystic
Get High Speed Internet!
GOM Player
Google AFE
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
Intel Matrix Storage Manager
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Modem Event Monitor
Modem Helper
Modem On Hold
Motorola Driver Installation 4.6.5
Motorola Phone Tools
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetZeroInstallers
Otto
PoiZone
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
Rose Online 1.0.254.123
RPG Maker 95+ (Translated by Don Miguel)
Sakura
Sawer
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy
Toxic Biohazard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Driver
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/21/2011 9:35:20 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
1/21/2011 9:25:13 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/21/2011 9:25:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\AL09C6~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/21/2011 9:25:13 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/21/2011 7:41:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/21/2011 7:41:23 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2011 12:16:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:46:49 AM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
1/21/2011 11:46:49 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
1/21/2011 11:44:19 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2011 11:35:18 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msmqocm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:33:55 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqac.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqutil.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqupgrd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtrig.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtgsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsnap.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsec.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrtdep.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqqm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqoa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqise.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqdscli.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqbkup.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqad.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
1/21/2011 11:10:21 AM, information: Windows File Protection [64005] - The protected system file npwmsdrm.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is A L. The file version of the bad file is 1.0.0.1.
1/21/2011 11:10:21 AM, information: Windows File Protection [64005] - The protected system file npdsplay.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is A L. The file version of the bad file is 3.0.2.625.
1/20/2011 8:17:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL
1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2011 7:31:17 AM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 00252ED37C11 has been denied by the DHCP server 76.85.238.52 (The DHCP Server sent a DHCPNACK message).
1/20/2011 12:19:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee.com McShield service to connect.
1/20/2011 12:19:43 PM, error: Service Control Manager [7000] - The McAfee.com McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2011 11:54:04 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
1/20/2011 11:49:32 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2011 11:48:11 PM, error: PlugPlayManager [11] - The device Root\LEGACY_ATWPKT2\0000 disappeared from the system without first being prepared for removal.
1/19/2011 9:33:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iastor
1/19/2011 9:33:26 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
1/19/2011 9:14:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm sptd
1/19/2011 9:13:15 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
1/19/2011 8:18:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/19/2011 7:25:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/19/2011 7:25:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2011 3:59:38 PM, error: System Error [1003] - Error code c0000d71, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
1/19/2011 3:38:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgupd.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/19/2011 3:30:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/19/2011 3:30:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/19/2011 12:33:45 AM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 10:14:45 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000006, parameter2 00000002, parameter3 00000000, parameter4 b9bee508.
1/16/2011 8:21:49 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:47 PM, on 1/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\A L\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - C:\WINDOWS\ifuhocozisijih.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARwA5AEIANwAtAEIARwA3AFcAQwAtAFAAWABSAEMAUgAtAEoASwBBAEgATAAtAEgARQBNAEIAUgA"&"inst=NwA2AC0ANgA5ADEANgAzADcAOQAzADgALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll (file missing)
O21 - SSODL: sevehuyot - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: kupuhivus - {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - (no file)
O22 - SharedTaskScheduler: jugezatag - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12954 bytes
 
Ok...

1) I chose to keep Avira and removed McAfee (since McAfee was the one "protecting" my computer when it got infected) using the MCPR download you provided. This required a reboot to complete.

2) Then I downloaded and ran TDSSKiller. After scanning, it required a reboot. Here is its log file:


TDSSKiller


2011/01/22 01:26:45.0640 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/22 01:26:45.0640 ================================================================================
2011/01/22 01:26:45.0640 SystemInfo:
2011/01/22 01:26:45.0640
2011/01/22 01:26:45.0640 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/22 01:26:45.0640 Product type: Workstation
2011/01/22 01:26:45.0640 ComputerName: D4SMZ191
2011/01/22 01:26:45.0640 UserName: A L
2011/01/22 01:26:45.0640 Windows directory: C:\WINDOWS
2011/01/22 01:26:45.0640 System windows directory: C:\WINDOWS
2011/01/22 01:26:45.0640 Processor architecture: Intel x86
2011/01/22 01:26:45.0640 Number of processors: 2
2011/01/22 01:26:45.0640 Page size: 0x1000
2011/01/22 01:26:45.0640 Boot type: Normal boot
2011/01/22 01:26:45.0640 ================================================================================
2011/01/22 01:26:46.0625 Initialize success
2011/01/22 01:26:54.0359 ================================================================================
2011/01/22 01:26:54.0359 Scan started
2011/01/22 01:26:54.0359 Mode: Manual;
2011/01/22 01:26:54.0359 ================================================================================
2011/01/22 01:26:55.0046 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
2011/01/22 01:26:55.0078 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
2011/01/22 01:26:55.0171 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/22 01:26:55.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/22 01:26:55.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/22 01:26:55.0343 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/22 01:26:55.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/22 01:26:55.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/22 01:26:55.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/22 01:26:55.0578 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/22 01:26:55.0593 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/22 01:26:55.0625 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/22 01:26:55.0640 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/22 01:26:55.0671 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/22 01:26:55.0718 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/22 01:26:55.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/22 01:26:55.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/22 01:26:55.0875 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/22 01:26:55.0953 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/22 01:26:55.0968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/22 01:26:56.0031 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/22 01:26:56.0093 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/22 01:26:56.0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/22 01:26:56.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/22 01:26:56.0203 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/01/22 01:26:56.0203 atapi - detected Locked file (1)
2011/01/22 01:26:56.0296 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/22 01:26:56.0375 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/22 01:26:56.0421 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/22 01:26:56.0562 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/22 01:26:56.0687 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/01/22 01:26:56.0796 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/01/22 01:26:56.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/22 01:26:56.0953 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/22 01:26:56.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/22 01:26:57.0015 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/22 01:26:57.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/22 01:26:57.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/22 01:26:57.0156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/22 01:26:57.0265 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/22 01:26:57.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/22 01:26:57.0437 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/01/22 01:26:57.0468 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
2011/01/22 01:26:57.0531 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/22 01:26:57.0546 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/22 01:26:57.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/22 01:26:57.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/22 01:26:57.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/22 01:26:57.0765 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/22 01:26:57.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/22 01:26:57.0828 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/22 01:26:57.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/22 01:26:57.0921 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/22 01:26:58.0109 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/22 01:26:58.0156 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/22 01:26:58.0203 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/01/22 01:26:58.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/22 01:26:58.0312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/22 01:26:58.0343 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/22 01:26:58.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/22 01:26:58.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/22 01:26:58.0437 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/22 01:26:58.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/22 01:26:58.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/22 01:26:58.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/22 01:26:58.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/22 01:26:58.0703 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/22 01:26:58.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/22 01:26:58.0812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/22 01:26:58.0859 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/22 01:26:58.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/22 01:26:58.0953 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
2011/01/22 01:26:59.0062 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/22 01:26:59.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/22 01:26:59.0218 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/01/22 01:26:59.0390 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/01/22 01:26:59.0437 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/01/22 01:26:59.0468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/22 01:26:59.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/22 01:26:59.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/22 01:26:59.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/22 01:26:59.0640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/22 01:26:59.0687 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/22 01:26:59.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/22 01:26:59.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/22 01:26:59.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/22 01:26:59.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/22 01:26:59.0875 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/22 01:26:59.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/22 01:26:59.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/22 01:27:00.0093 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/01/22 01:27:00.0203 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/22 01:27:00.0218 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/22 01:27:00.0250 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/22 01:27:00.0281 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/22 01:27:00.0312 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/01/22 01:27:00.0343 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/22 01:27:00.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/22 01:27:00.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/22 01:27:00.0484 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/22 01:27:00.0546 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/22 01:27:00.0625 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/22 01:27:00.0734 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/22 01:27:00.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/22 01:27:00.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/22 01:27:00.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/22 01:27:00.0921 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/22 01:27:00.0953 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/22 01:27:01.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/22 01:27:01.0062 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/22 01:27:01.0093 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/22 01:27:01.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/22 01:27:01.0187 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/22 01:27:01.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/22 01:27:01.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/22 01:27:01.0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/22 01:27:01.0343 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/22 01:27:01.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/22 01:27:01.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/22 01:27:01.0578 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/22 01:27:01.0843 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/22 01:27:01.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/22 01:27:02.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/22 01:27:02.0109 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/01/22 01:27:02.0140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/22 01:27:02.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/22 01:27:02.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/22 01:27:02.0250 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/22 01:27:02.0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/22 01:27:02.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/22 01:27:02.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/22 01:27:02.0468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/22 01:27:02.0546 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/22 01:27:02.0578 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/22 01:27:02.0625 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/22 01:27:02.0640 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/22 01:27:02.0718 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/22 01:27:02.0765 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/22 01:27:02.0781 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/22 01:27:02.0812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/22 01:27:02.0828 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/22 01:27:02.0875 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/22 01:27:02.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/22 01:27:02.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/22 01:27:02.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/22 01:27:03.0000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/22 01:27:03.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/22 01:27:03.0109 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/22 01:27:03.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/22 01:27:03.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/22 01:27:03.0343 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/22 01:27:03.0406 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/22 01:27:03.0453 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/22 01:27:03.0500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/22 01:27:03.0609 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
2011/01/22 01:27:03.0859 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/22 01:27:03.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/22 01:27:04.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/22 01:27:04.0125 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/22 01:27:04.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/22 01:27:04.0125 sptd - detected Locked file (1)
2011/01/22 01:27:04.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/22 01:27:04.0218 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/22 01:27:04.0281 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/01/22 01:27:04.0343 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/01/22 01:27:04.0359 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/01/22 01:27:04.0390 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/22 01:27:04.0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/22 01:27:04.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/22 01:27:04.0578 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/22 01:27:04.0609 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/22 01:27:04.0625 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/22 01:27:04.0640 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/22 01:27:04.0687 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/22 01:27:04.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/22 01:27:04.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/22 01:27:04.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/22 01:27:04.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/22 01:27:05.0000 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/22 01:27:05.0015 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/01/22 01:27:05.0031 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/01/22 01:27:05.0062 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/01/22 01:27:05.0078 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/01/22 01:27:05.0109 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/01/22 01:27:05.0125 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/01/22 01:27:05.0156 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/01/22 01:27:05.0187 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/01/22 01:27:05.0343 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/22 01:27:05.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/22 01:27:05.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/22 01:27:05.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/22 01:27:05.0625 usbcm (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
2011/01/22 01:27:05.0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/22 01:27:05.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/22 01:27:05.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/22 01:27:05.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/22 01:27:05.0765 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/22 01:27:05.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/22 01:27:06.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/22 01:27:06.0078 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/22 01:27:06.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/22 01:27:06.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/22 01:27:06.0281 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/22 01:27:06.0328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/22 01:27:06.0468 wrkmlkcz (9439d91885cf6c4c9e33ec7f522a2a40) C:\WINDOWS\system32\drivers\pmaaegsb.sys
2011/01/22 01:27:06.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/22 01:27:06.0703 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/22 01:27:06.0765 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/22 01:27:06.0859 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/22 01:27:06.0859 ================================================================================
2011/01/22 01:27:06.0859 Scan finished
2011/01/22 01:27:06.0859 ================================================================================
2011/01/22 01:27:06.0875 Detected object count: 3
2011/01/22 01:27:52.0109 Locked file(atapi) - User select action: Skip
2011/01/22 01:27:52.0109 Locked file(sptd) - User select action: Skip
2011/01/22 01:27:52.0156 \HardDisk0 - will be cured after reboot
2011/01/22 01:27:52.0156 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/22 01:28:10.0296 Deinitialize success
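Triage of a TDSSKiller log like the one above, as an added example that is not the poster's code and not part of TDSSKiller: it parses the per-driver MD5 lines and the "detected" lines, compares driver hashes against a baseline, and flags service/file pairs whose names look generated, as with the wrkmlkcz -> pmaaegsb.sys entry. The sample lines are copied from the log, except for a Mup entry with a deliberately altered hash; the baseline dictionary and the "8 random letters" heuristic are assumptions for illustration, not rules the tool applies.

```python
import re

# The two TDSSKiller 2.4 line shapes that matter for triage:
#   "<ts> <service> (<md5>) <path>"                driver entry
#   "<ts> <object> - detected <verdict> (<n>)"     detection
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<obj>.+?) - detected (?P<what>.+?) \(\d+\)$")

# Constructed sample. a347bus, atapi, wrkmlkcz and \HardDisk0 are copied from
# the log above; the Mup line has a deliberately altered MD5 so the baseline
# comparison has something to catch.
SAMPLE_LOG = r"""
2011/01/22 01:26:55.0046 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
2011/01/22 01:26:56.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/22 01:26:56.0203 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/01/22 01:26:56.0203 atapi - detected Locked file (1)
2011/01/22 01:27:00.0953 Mup (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/22 01:27:06.0468 wrkmlkcz (9439d91885cf6c4c9e33ec7f522a2a40) C:\WINDOWS\system32\drivers\pmaaegsb.sys
2011/01/22 01:27:06.0859 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
"""

# Constructed baseline: hashes taken from the same log, standing in for a
# trusted reference set (a clean machine of the same build, or a vendor list).
BASELINE_MD5 = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Mup": "2f625d11385b1a94360bfc70aaefdee1",
}


def looks_generated(name):
    """Heuristic (an assumption, not a TDSSKiller rule): a bare 8-letter
    lowercase name, the shape of the wrkmlkcz -> pmaaegsb.sys pair above."""
    return len(name) == 8 and name.isalpha() and name.islower()


def triage(log_text, baseline=BASELINE_MD5):
    """Return (severity, object, note) tuples in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = DETECT_RE.match(line)
        if m:
            what = m.group("what")
            # "Locked file" only means the scanner could not open the file;
            # sptd.sys (the DAEMON Tools / Alcohol pass-through driver) is
            # routinely reported this way on clean machines.
            sev = "info" if what.startswith("Locked file") else "critical"
            findings.append((sev, m.group("obj"), what))
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue
        svc, md5, path = m.group("svc"), m.group("md5"), m.group("path")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if svc in baseline and baseline[svc] != md5:
            findings.append(("high", svc,
                             f"MD5 {md5} differs from baseline {baseline[svc]} ({path})"))
        if (svc.lower() != stem.lower()
                and looks_generated(svc) and looks_generated(stem.lower())):
            findings.append(("high", svc, f"random-looking service/file pair ({path})"))
    return findings


def worst(findings):
    """Highest severity present, or "clean" when there are no findings."""
    order = {"info": 0, "high": 1, "critical": 2}
    return max((f[0] for f in findings), key=order.get, default="clean")


if __name__ == "__main__":
    for sev, obj, note in triage(SAMPLE_LOG):
        print(f"{sev:9} {obj:12} {note}")
    print("verdict:", worst(triage(SAMPLE_LOG)))
```

The MD5 comparison is the check worth automating: TDSSKiller prints a hash for every loaded driver, so a clean machine of the same service pack gives you a baseline to diff against, and a patched system driver shows up even when its name and path are perfectly ordinary.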
 
Good job :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
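The MBRCheck step above reads the first sector of each physical disk and reports whether its boot code matches a known Windows loader; TDSSKiller's \HardDisk0 verdict is exactly that class of infection, and the TDL4 family also keeps its hidden file system in the unpartitioned space at the end of the disk. The following Python is an added example of those checks on a 512-byte sector, not MBRCheck's or TDSSKiller's code: the loader bytes, the "known good" hash set, the partition table and the 2048-sector tail threshold are all constructed assumptions here.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439 loader code, 440..443 disk signature
PTABLE_OFF = 446        # four 16-byte partition entries, then 0x55AA at 510
BOOT_SIG = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def build_mbr(code, partitions, disk_signature=0x1234ABCD):
    """Assemble a 512-byte MBR (constructed test data, not a real loader).
    partitions: list of (status, type, lba_start, sector_count)."""
    if len(code) > BOOTCODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, BOOTCODE_LEN, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF + 16 * i, status, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector):
    """Hash the bootstrap code and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PTABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTCODE_LEN)[0],
        "partitions": parts,
    }


def check_mbr(sector, known_code_hashes, disk_sectors, tail_threshold=2048):
    """Return a list of anomaly strings; an empty list means nothing to report."""
    info = parse_mbr(sector)
    problems = []
    if info["code_sha256"] not in known_code_hashes:
        problems.append("unknown-code: bootstrap hash %s... is not in the baseline"
                        % info["code_sha256"][:16])
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:
        problems.append("active-count: %d active partitions" % active)
    end = 0
    for p in info["partitions"]:
        last = p["lba_start"] + p["sectors"]
        if last > disk_sectors:
            problems.append("overrun: partition %d ends past the disk" % p["index"])
        end = max(end, last)
    tail = disk_sectors - end
    if tail > tail_threshold:
        # Unpartitioned space at the end of the disk is where TDL4 hides its
        # encrypted file system; the threshold is an assumption.
        problems.append("tail-space: %d unpartitioned sectors after the last partition" % tail)
    return problems


# Constructed data: a fake loader, its hash as the "known good" set, and one
# NTFS (type 0x07) partition starting at LBA 63 as XP lays it out.
CLEAN_CODE = bytes((i * 7) & 0xFF for i in range(BOOTCODE_LEN))
KNOWN_CODE = {hashlib.sha256(CLEAN_CODE).hexdigest()}
PARTS = [(0x80, 0x07, 63, 1_000_000)]


if __name__ == "__main__":
    clean = build_mbr(CLEAN_CODE, PARTS)
    print("clean:", check_mbr(clean, KNOWN_CODE, 63 + 1_000_000))
    tampered = build_mbr(b"\xeb\xfe" + CLEAN_CODE[2:], PARTS)  # first two loader bytes patched
    print("tampered, larger disk:", check_mbr(tampered, KNOWN_CODE, 63 + 1_000_000 + 8192))
```

On a live system the sector comes from \\.\PhysicalDrive0 opened as Administrator and KNOWN_CODE holds the hashes of the genuine XP, Vista and 7 loaders. A rootkit that hooks the disk stack can hand a clean copy of the MBR to anything reading through the running OS, which is why a read taken after booting from separate media is more trustworthy than one taken from the possibly infected system.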
 
Ok...

1) I downloaded and ran MBRCheck

2) Then I downloaded ComboFix from your link, closed all browsers, disabled my AV software (Avira, Malwarebytes), and ran ComboFix.

NOTE: ComboFix did install a Recovery Console update before running the scan. Then after the scan completed, it rebooted automatically. The ComboFix log was created upon restart.

NOTE: I don't know if this is related but while ComboFix was creating the log, I got a Windows error that said "The instruction at "0x006e0075" referenced memory at "0x00000008". The memory could not be "written". Click OK to terminate the program. Click on CANCEL to debug the program"

I just tried to ignore it (if it interferes and forces me to choose something, I'll just click OK).

Here are the MBRCheck and ComboFix logs:


MBRCheck


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spnj.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E74000 a347bus.sys
0xB9E46000 ACPI.sys
0xB9E35000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E16000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9DF0000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9D1B000 iastor.sys
0xB9D03000
0xBA5AE000 a347scsi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CE3000 fltmgr.sys
0xB9CD1000 sr.sys
0xB9CBC000 drvmcdb.sys
0xBA0F8000 PxHelp20.sys
0xB9CA5000 KSecDD.sys
0xB9C18000 Ntfs.sys
0xB9BEB000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9BD1000 Mup.sys
0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA258000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8D00000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8CEC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8CC4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8C97000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA468000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8C73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA268000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xB8C50000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8B29000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xB8A94000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xBA478000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA688000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B54000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8A7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8A6C000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB8A3C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA340000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5EC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB89DE000 \SystemRoot\system32\DRIVERS\update.sys
0xB8E65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8E49000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB0969000 \SystemRoot\system32\drivers\sthda.sys
0xB0945000 \SystemRoot\system32\drivers\portcls.sys
0xB957E000 \SystemRoot\system32\drivers\drmk.sys
0xB07FB000 \SystemRoot\system32\drivers\sigfilt.sys
0xB955E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA348000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5A0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5F4000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xBA5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA764000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA370000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA378000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA380000 \SystemRoot\System32\drivers\vga.sys
0xBA5FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA388000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA390000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9B98000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB0780000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB0727000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB06FF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB06D9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9B80000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB068F000 \SystemRoot\System32\drivers\afd.sys
0xB953E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB952E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA398000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB950E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB0664000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB05F4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA158000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9B78000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA168000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9B74000 \SystemRoot\system32\DRIVERS\Sacm2A.sys
0xB9B6C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB9B68000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB052E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA608000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA1C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB04EE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA61E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB07BF000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3B8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6AC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF049000 \SystemRoot\System32\ati2cqag.dll
0xBF07D000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAE399000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAE41E000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB0574000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA7A5000 \SystemRoot\system32\dla\tfsndres.sys
0xAE383000 \SystemRoot\system32\dla\tfsnifs.sys
0xAE412000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA65C000 \SystemRoot\system32\dla\tfsnpool.sys
0xBA3D0000 \SystemRoot\system32\dla\tfsnboio.sys
0xB0564000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA7A8000 \SystemRoot\system32\dla\tfsndrct.sys
0xAE36A000 \SystemRoot\system32\dla\tfsnudf.sys
0xAE351000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAE34D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAE054000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xADFC7000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE1D9000 \SystemRoot\system32\drivers\sysaudio.sys
0xADF52000 \SystemRoot\system32\drivers\ctusfsyn.sys
0xADF22000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xADEFC000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xBA62A000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xADC8A000 \SystemRoot\System32\Drivers\HTTP.sys
0xADC0A000 \SystemRoot\system32\DRIVERS\srv.sys
0xAD2E9000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xACCAA000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
888 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1180 C:\WINDOWS\system32\ati2evxx.exe
1196 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1628 svchost.exe
1808 C:\WINDOWS\system32\spoolsv.exe
1876 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1928 svchost.exe
348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
400 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
408 C:\WINDOWS\explorer.exe
452 C:\WINDOWS\system32\CTSVCCDA.EXE
552 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
624 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
704 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
712 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
980 svchost.exe
1480 C:\WINDOWS\system32\svchost.exe
1580 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
788 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
2420 alg.exe
2468 C:\WINDOWS\ehome\ehrecvr.exe
2492 C:\WINDOWS\ehome\ehSched.exe
2696 mcrdsvc.exe
2968 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3080 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
3120 C:\WINDOWS\stsystra.exe
3128 C:\Program Files\Real\RealPlayer\realplay.exe
3144 C:\WINDOWS\system32\dllhost.exe
3280 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3368 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
3532 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
3560 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3696 C:\Program Files\Google\Google Talk\googletalk.exe
3708 C:\WINDOWS\ehome\ehtray.exe
3732 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
3740 C:\WINDOWS\system32\dla\tfswctrl.exe
3780 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3868 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
3880 C:\WINDOWS\ehome\ehmsas.exe
3896 C:\WINDOWS\system32\MDM.EXE
3916 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
3940 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3952 C:\WINDOWS\system32\ctfmon.exe
3984 C:\Program Files\Dell Support\DSAgnt.exe
3648 C:\WINDOWS\system32\wuauclt.exe
3012 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
1772 C:\Program Files\Internet Explorer\iexplore.exe
3768 C:\Program Files\Internet Explorer\iexplore.exe
2028 C:\Program Files\Internet Explorer\iexplore.exe
2688 C:\Documents and Settings\A L\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


ComboFix


ComboFix 11-01-22.01 - A L 01/22/2011 10:49:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1509 [GMT -8:00]
Running from: c:\documents and settings\A L\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}
c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome.manifest
c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome\content\_cfg.js
c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome\content\overlay.xul
c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\install.rdf
C:\Install.exe
c:\windows\system32\bszip.dll
c:\windows\system32\Data
c:\windows\system32\drivers\pmaaegsb.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_SSHNAS
-------\Service_6to4
-------\Service_wrkmlkcz


((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-22 01:14 . 2011-01-22 01:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2011-01-21 17:36 . 2011-01-21 17:36 -------- d-----w- c:\documents and settings\A L\Application Data\Avira
2011-01-21 17:27 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-21 17:27 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-21 17:27 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-21 17:27 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\program files\Avira
2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2011-01-20 11:37 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-01-20 05:33 . 2011-01-20 05:33 -------- d-----w- c:\documents and settings\A L\Application Data\Malwarebytes
2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-20 05:18 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-20 05:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 05:17 . 2011-01-20 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 05:15 . 2011-01-20 05:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-20 03:26 . 2011-01-20 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-19 16:19 . 2011-01-19 16:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-19 08:10 . 2011-01-19 08:10 -------- d-----w- c:\program files\AVG
2011-01-19 03:40 . 2011-01-19 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-18 07:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-01-18 04:48 . 2011-01-18 04:48 -------- d-----w- c:\program files\Windows Media Connect 2
2011-01-18 04:47 . 2011-01-18 04:48 -------- d-----w- C:\1b83767d15ac5b981e43347c
2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- c:\windows\system32\LogFiles
2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- C:\205ebe4aa73d14f925
2011-01-18 03:35 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2011-01-18 03:34 . 2011-01-21 16:49 -------- d-----w- c:\program files\FreeCDRipper
2011-01-18 02:28 . 2005-11-15 09:00 109056 ------w- c:\windows\system32\pxcpyi64.exe
2011-01-18 02:28 . 2005-11-03 11:00 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-01-18 02:28 . 2005-11-03 11:00 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-01-18 02:28 . 2005-11-03 11:00 110080 ------w- c:\windows\system32\pxinsi64.exe
2011-01-06 08:17 . 2011-01-06 08:17 -------- d-----w- c:\documents and settings\A L\Application Data\GRETECH
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\snap
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\sample
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\rom
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\nvram
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\memcard
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\inp
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\image
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\hi
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\diff
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\artwork

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 10:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-22 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-21 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2010 1:46 AM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2010 1:46 AM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/25/2010 11:34 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/21/2011 9:27 AM 135336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2011 9:18 PM 363344]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/5/2010 10:47 PM 91456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2011 9:17 PM 20952]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin --> c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp:///
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

BHO-{823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
BHO-{f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\windows\ifuhocozisijih.dll
SharedTaskScheduler-{00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll
SharedTaskScheduler-{f00da279-ae5a-4ba6-8b1e-63f13e65f444} - (no file)
SharedTaskScheduler-{a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
SharedTaskScheduler-{00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
SSODL-kozafohew-{a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
SSODL-sevehuyot-{00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 11:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcdrom]
"ImagePath"="\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\mdm.exe
.
**************************************************************************
.
Completion time: 2011-01-22 11:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-22 19:11

Pre-Run: 51,114,590,208 bytes free
Post-Run: 51,415,265,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - E646E80157B13FD87A5D7007C14F3D77
 
Found non-standard or infected MBR.
We need to double check your MBR.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Ok...

I downloaded Bootkit Remover from your link, extracted it, and ran it. Here is the output from it:


BOOTKIT REMOVER


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
Boot sector MD5 is: 75152e63358aab67ac253ae2f28ef97a

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
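The check behind the "MBR Status" column in the MBRCheck and Bootkit Remover output above, as an added example that is not code from either tool or from this thread: hash the boot-code area of the 512-byte MBR, look it up in a table of known-good hashes, and parse the partition table for structural damage. Assumptions: the hash covers bytes 0..439, the known-good table is a placeholder built from a constructed sector, and the two-partition sample layout (Dell utility partition, then the NTFS system partition at sector 112455) is constructed from the \\.\C: offset 0x36e8e00 in the logs, not read from the real disk.

```python
# Added example, not code from MBRCheck, Bootkit Remover or noahdfear's NTBR.
# Reproduces the idea behind "Unknown MBR code": a boot-code hash that is not
# in the known-good table, even when the partition table itself is intact.
# Assumptions: hash covers bytes 0..439; KNOWN_GOOD is a placeholder built from
# a constructed sector; the sample partition layout is constructed from the
# \\.\C: offset 0x36e8e00 shown in the logs (0x36e8e00 / 512 = sector 112455).
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # executable boot code, bytes 0..439
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 0x55 0xAA


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four partition entries (empty entries have type 0)."""
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i + 1, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count,
                        "byte_offset": lba * SECTOR_SIZE})
    return entries


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the code area, the kind of value MBRCheck prints."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: dict) -> dict:
    """Return the boot-code hash, its status label and structural problems."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    problems = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    parts = [p for p in parse_partition_table(mbr) if p["type"] != 0]
    if sum(p["bootable"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    # Overlapping entries are a classic sign of a corrupted or spoofed table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_s0, e0), (s1, _e1) in zip(spans, spans[1:]):
        if s1 < e0:
            problems.append("overlapping partitions at sector %d" % s1)
    digest = boot_code_sha1(mbr)
    return {"sha1": digest,
            "status": known_good.get(digest, "Unknown MBR code"),
            "partitions": parts, "problems": problems}


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed sector: 440 bytes of `code`, then a two-partition table."""
    assert len(code) == BOOT_CODE_LEN
    table = b""
    # (status, type, first LBA, sector count); CHS fields set to 0xFF (LBA only)
    for status, ptype, lba, count in ((0x00, 0xDE, 63, 112455 - 63),
                                      (0x80, 0x07, 112455, 312463809)):
        table += struct.pack("<B3sB3sII", status, b"\xff" * 3, ptype,
                             b"\xff" * 3, lba, count)
    table += b"\x00" * 32                  # two empty entries
    return code + b"\xde\xad\xbe\xef" + b"\x00\x00" + table + b"\x55\xaa"


# Stand-in for the boot code of a clean MBR (constructed, not a real XP hash).
REFERENCE_CODE = bytes((i * 7 + 3) & 0xFF for i in range(BOOT_CODE_LEN))
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(REFERENCE_CODE)):
              "Constructed reference MBR code"}

# A bootkit replaces the code area but leaves the partition table intact,
# so the table still parses cleanly and only the hash gives it away.
TAMPERED_CODE = b"\xeb\xfe" + REFERENCE_CODE[2:]   # different first bytes

if __name__ == "__main__":
    for name, code in (("clean", REFERENCE_CODE), ("tampered", TAMPERED_CODE)):
        report = classify_mbr(build_sample_mbr(code), KNOWN_GOOD)
        print(name, report["sha1"], report["status"], report["problems"])
        for p in report["partitions"]:
            print("  partition %d type 0x%02X at byte offset 0x%08x"
                  % (p["index"], p["type"], p["byte_offset"]))
```

On a real machine the sector would be read from \\.\PhysicalDrive0 and the table filled with vendor hashes; the point is that a bootkit's MBR passes every structural check and is caught only by the hash lookup.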
 
We need to fix your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
My computer is actually a DELL XPS 400.

I didn't see your note (at the bottom of your post) about that earlier so I accidentally went ahead with your instructions but didn't get all the way through...perhaps a good thing. Here's what happened:

1) I downloaded NTBR from your link and opened it.

2) I placed the blank CD and ran BurnItCD.cmd

NOTE: The burn failed at 16x write speed so I had to reburn it on a new CD at 1x.

3) I rebooted the computer, set CD-Rom as the first boot device, and booted the CD.

4) I pressed ENTER, then it went to the warning screen:

noahdfear's Tiny Bootable Repair CD
with MBR and boot.ini tools
WARNING! The tools available on this disc can leave your system unbootable and/or data inaccessible if used improperly. Be sure you know what you're doing or follow instructions exactly as given if being helped. Press any key to continue . . .


...but then it halted at that point and pressing any key didn't continue in any way.

I rebooted and tried the disc in my other CD drive to no avail. I rebooted the computer normally and burned a new CD at 8x speed but it also halted.

Now, I realize the more important thing was to let you know that I have a DELL. So, maybe it was good that I couldn't go through the process but at least now you know I did run into a problem with the process.

What would you suggest next?
 
We'll leave MBR for now....

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Folder::
c:\program files\AVG

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ok...

1) I copied and saved the script as CFScript.txt

2) I disabled my AV (Avira, Malwarebytes) and dragged CFScript.txt onto ComboFix

NOTE: When ComboFix started, it asked if I wanted to update it and I picked Yes.

After reboot, here is the ComboFix log:


COMBOFIX


ComboFix 11-01-22.02 - A L 01/22/2011 20:45:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1517 [GMT -8:00]
Running from: c:\documents and settings\A L\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\A L\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG
c:\program files\AVG\AVG9\force_restart.txt

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-22 01:14 . 2011-01-22 01:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2011-01-21 17:36 . 2011-01-21 17:36 -------- d-----w- c:\documents and settings\A L\Application Data\Avira
2011-01-21 17:27 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-21 17:27 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-21 17:27 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-21 17:27 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\program files\Avira
2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-01-20 11:37 . 2004-08-10 11:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2011-01-20 11:37 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
2011-01-20 05:33 . 2011-01-20 05:33 -------- d-----w- c:\documents and settings\A L\Application Data\Malwarebytes
2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-20 05:18 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-20 05:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 05:17 . 2011-01-20 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 05:15 . 2011-01-20 05:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-20 03:26 . 2011-01-20 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-19 16:19 . 2011-01-19 16:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-19 03:40 . 2011-01-19 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-18 07:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-01-18 04:48 . 2011-01-18 04:48 -------- d-----w- c:\program files\Windows Media Connect 2
2011-01-18 04:47 . 2011-01-18 04:48 -------- d-----w- C:\1b83767d15ac5b981e43347c
2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- c:\windows\system32\LogFiles
2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- C:\205ebe4aa73d14f925
2011-01-18 03:35 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2011-01-18 03:34 . 2011-01-21 16:49 -------- d-----w- c:\program files\FreeCDRipper
2011-01-18 02:28 . 2005-11-15 09:00 109056 ------w- c:\windows\system32\pxcpyi64.exe
2011-01-18 02:28 . 2005-11-03 11:00 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-01-18 02:28 . 2005-11-03 11:00 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-01-18 02:28 . 2005-11-03 11:00 110080 ------w- c:\windows\system32\pxinsi64.exe
2011-01-06 08:17 . 2011-01-06 08:17 -------- d-----w- c:\documents and settings\A L\Application Data\GRETECH
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\snap
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\sample
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\rom
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\nvram
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\memcard
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\inp
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\image
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\hi
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\diff
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\artwork

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 10:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-22 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-21 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2010 1:46 AM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2010 1:46 AM 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/25/2010 11:34 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/21/2011 9:27 AM 135336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2011 9:18 PM 363344]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/5/2010 10:47 PM 91456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2011 9:17 PM 20952]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin --> c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp:///
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 20:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcdrom]
"ImagePath"="\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2011-01-22 20:55:29
ComboFix-quarantined-files.txt 2011-01-23 04:55
ComboFix2.txt 2011-01-22 19:11

Pre-Run: 51,341,725,696 bytes free
Post-Run: 51,385,217,024 bytes free

- - End Of File - - EBE66F789E2B4B50B596EF3FD05AD352
 
Good job :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi. My computer seems to be doing much better than before. I can access my USB flash drive again, that's good. Not getting pop-ups. And the computer's attempts to access "malicious websites" seem to be much less frequent now. So I did what you said:

1) I downloaded OTL, closed all windows, and ran it

2) I checked SCAN ALL USERS, pasted your text under CUSTOM SCAN, and ran a QUICK SCAN

Here are the logs for OTL and Extras (I'm splitting OTL in half because it is over the 50,000 post limit):


OTL


OTL Extras logfile created on: 1/22/2011 11:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\A L\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 47.87 Gb Free Space | 33.17% Space Free | Partition Type: NTFS

Computer Name: D4SMZ191 | User Name: A L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" = C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe:*:Enabled:MediaDetect -- (Corel, Inc.)
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe" = C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe:*:Enabled:mim -- (Musicmatch, Inc.)
 
OTL (cont'd)



========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE1F1599-1496-4402-B5E4-B1F68C6854CD}" = Rose Online 1.0.254.123
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Setup.divx.com" = DivX Setup
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FL Studio 9" = FL Studio 9
"GOM Player" = GOM Player
"Google Desktop" = Google Desktop
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"PoiZone" = PoiZone
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"RPG Maker 95+ (Translated by Don Miguel)" = RPG Maker 95+ (Translated by Don Miguel)
"Sakura" = Sakura
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2011 9:50:41 PM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/21/2011 10:49:01 PM | Computer Name = D4SMZ191 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 1/21/2011 10:49:02 PM | Computer Name = D4SMZ191 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/22/2011 12:00:08 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/22/2011 12:00:13 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 1/22/2011 4:58:24 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 1/22/2011 5:22:02 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2011 5:22:06 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/22/2011 5:22:53 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2011 5:22:55 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 1/22/2011 8:18:29 PM | Computer Name = D4SMZ191 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/22/2011 8:18:39 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:18:48 PM | Computer Name = D4SMZ191 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 1/22/2011 8:18:58 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:19:08 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:19:19 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:19:30 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:19:45 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:19:56 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/22/2011 8:20:07 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
 
Good news :)

And the computer's attempts to access "malicious websites" seem to be much less frequent now
Does it still happen sometimes? I need more details.

You posted Extras.txt twice.
I still need OTL.txt log.
 
Hi. The "malicious website" thing seems to happen very sporadically (sometimes once, twice, or three times within an hour, sometimes zero times during an hour) and it shows up as a balloon pop-up from the Windows taskbar saying:

"(!) Malwarebytes' Anti-Malware
Successfully blocked access to a potentially malicious website: 125.45.109.166"


I've also gotten one saying website 221.192.199.49. I'm not sure if it's the same numbers every time. And I'm not sure if I'm doing anything to cause them as they seem to pop up randomly.

My apologies for the missing OTL log file (and I still need to split it into 2 posts because of length). Here it is:


OTL


OTL logfile created on: 1/22/2011 11:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\A L\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 47.87 Gb Free Space | 33.17% Space Free | Partition Type: NTFS

Computer Name: D4SMZ191 | User Name: A L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/21 20:12:55 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/09/19 05:42:06 | 001,159,168 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/09/15 07:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 17:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/08/31 09:06:18 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/06/17 05:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/06/10 08:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/15 00:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/07 10:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [1998/05/28 23:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/12/21 20:07:58 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/04/07 10:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/25 23:34:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/12/21 20:12:58 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 10:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/06 19:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 20:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/31 21:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/03/25 14:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 22:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 22:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/05 23:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 23:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 23:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 23:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 23:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 23:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 23:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 23:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 23:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 01:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 09:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/10 06:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (usbcm)
DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:///
IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/22 20:52:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTRegRun] C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 23:13:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
[2011/01/22 21:17:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/22 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/22 20:41:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/22 16:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\NTBR_CD
[2011/01/22 10:46:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/22 10:42:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/22 10:42:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/22 10:42:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/22 10:42:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/22 10:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/22 10:41:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/22 10:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\software
[2011/01/21 13:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Favorites
[2011/01/21 09:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\Avira
[2011/01/21 09:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/01/21 09:27:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/01/21 09:27:08 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/21 09:27:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/21 09:27:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/01/21 09:27:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/01/21 09:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/21 09:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/21 00:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/01/21 00:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/20 12:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/20 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/20 11:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/19 21:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\Malwarebytes
[2011/01/19 21:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/19 21:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/19 21:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/19 21:17:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/19 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/19 21:13:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/01/19 08:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/01/18 19:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/01/18 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/17 23:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Shots
[2011/01/17 20:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/01/17 20:47:42 | 000,000,000 | ---D | C] -- C:\1b83767d15ac5b981e43347c
[2011/01/17 20:46:45 | 000,000,000 | ---D | C] -- C:\3f6cdbb3449a1ae57417e5c66f145759
[2011/01/17 20:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/01/17 20:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/17 20:46:11 | 000,000,000 | ---D | C] -- C:\205ebe4aa73d14f925
[2011/01/17 19:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCDRipper
[2011/01/17 19:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\My Documents\Alcohol 120%
[2011/01/17 11:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Valentine Cards
[2011/01/09 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Dragon Quest - Yuusha Aberu Densetsu
[2011/01/09 17:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Dragon Quest - Dai no Daibouken
[2011/01/06 00:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\GRETECH
[2011/01/06 00:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\snap
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\sample
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\rom
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\nvram
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\memcard
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\inp
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\image
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\hi
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\diff
[2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\artwork
[2010/05/05 17:48:34 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2010/03/13 01:46:58 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2010/03/13 01:46:58 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
 
OTL (cont'd)


========== Files - Modified Within 30 Days ==========

[2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
[2011/01/22 22:39:33 | 000,004,324 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Amateur First Timers 380 Live Video Stream.htm
[2011/01/22 20:52:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/22 20:41:09 | 004,159,369 | R--- | M] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
[2011/01/22 16:44:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 16:44:08 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 15:51:54 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
[2011/01/22 10:46:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/01/22 01:00:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/21 17:44:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/21 08:42:07 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/01/20 19:24:20 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/19 22:57:07 | 000,019,310 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\The_Town_2010_720p_BRRip_x264_[Team_QrG].6088453.TPB.torrent
[2011/01/19 19:05:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qsetomizihawagur.dat
[2011/01/19 00:01:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Odacimaf.bin
[2011/01/18 20:19:34 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Media Center.lnk
[2011/01/18 16:27:26 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\A L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 07:29:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/17 23:05:57 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/17 23:05:56 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Windows Media Player.lnk
[2011/01/17 23:05:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 22:28:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/17 22:28:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/17 20:47:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/17 20:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/16 17:54:21 | 000,014,510 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Whispering Corridors 2 - Memento Mori.torrent
[2011/01/06 12:16:05 | 000,056,635 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\[TNTVillage.org]Yeogo+goedam+-+Whispering+corridors.torrent
[2011/01/06 02:50:34 | 000,018,084 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\WHISPERING_CORRIDORS_Title01_2.avi.5101514.TPB.torrent
[2011/01/05 21:00:41 | 000,012,325 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\The.Girl.Who.Leapt.Through.Time.2006.720p.BluRay.x264-THORA.5730566.TPB.torrent
[2011/01/04 20:42:05 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Google Translate.url
[2011/01/02 01:07:27 | 000,017,499 | ---- | M] () -- C:\Documents and Settings\A L\advmame.rc
[2010/12/29 17:28:12 | 000,404,288 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\12-29-10_1714.jpg
[2010/12/24 22:28:47 | 003,966,125 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\LackeyCCGBetaWin.zip

========== Files Created - No Company Name ==========

[2011/01/22 21:16:08 | 000,004,324 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\Amateur First Timers 380 Live Video Stream.htm
[2011/01/22 15:51:37 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
[2011/01/22 10:46:48 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/01/22 10:46:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/22 10:42:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/22 10:42:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/22 10:42:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/22 10:42:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/22 10:42:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/22 10:39:07 | 004,159,369 | R--- | C] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
[2011/01/21 17:34:40 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/21 08:42:06 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/01/21 08:42:06 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/01/21 08:42:06 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
[2011/01/20 03:37:22 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/01/20 03:37:21 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/01/20 03:37:21 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/20 03:37:21 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/01/20 03:37:16 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/01/20 03:37:16 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/01/20 03:37:16 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/01/20 03:37:16 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/01/20 03:37:16 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/01/20 03:37:16 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/01/20 03:37:16 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/01/20 03:37:16 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/01/20 03:37:16 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/01/20 03:37:16 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/01/20 03:37:16 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/01/20 03:37:16 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/01/20 03:37:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/01/20 03:37:15 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/01/20 03:37:15 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/01/19 22:57:07 | 000,019,310 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\The_Town_2010_720p_BRRip_x264_[Team_QrG].6088453.TPB.torrent
[2011/01/18 19:41:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/17 23:06:44 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2011/01/17 20:46:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/17 19:35:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/01/16 17:54:23 | 000,014,510 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\Whispering Corridors 2 - Memento Mori.torrent
[2011/01/06 12:16:05 | 000,056,635 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\[TNTVillage.org]Yeogo+goedam+-+Whispering+corridors.torrent
[2011/01/06 02:50:34 | 000,018,084 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\WHISPERING_CORRIDORS_Title01_2.avi.5101514.TPB.torrent
[2011/01/05 21:00:41 | 000,012,325 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\The.Girl.Who.Leapt.Through.Time.2006.720p.BluRay.x264-THORA.5730566.TPB.torrent
[2011/01/02 01:07:27 | 000,017,499 | ---- | C] () -- C:\Documents and Settings\A L\advmame.rc
[2010/12/29 17:28:12 | 000,404,288 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\12-29-10_1714.jpg
[2010/12/24 22:27:44 | 003,966,125 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\LackeyCCGBetaWin.zip
[2010/08/16 19:13:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/16 19:13:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/27 02:17:22 | 000,357,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/05 17:48:34 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
[2010/03/14 20:19:17 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/03/14 20:19:06 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/25 23:34:50 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
[2010/01/08 02:18:07 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\A L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 22:56:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\PFP120JPR.{PB
[2009/10/08 22:56:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\PFP120JCM.{PB
[2005/12/21 20:25:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/21 20:14:25 | 000,004,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/21 20:08:23 | 000,005,811 | R--- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2005/12/21 19:46:14 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005/12/21 19:46:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/21 19:44:52 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/23 23:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== LOP Check ==========

[2010/03/13 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\DAEMON Tools Lite
[2010/02/25 23:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\DAEMON Tools Pro
[2010/05/15 17:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\fltk.org
[2010/04/15 06:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Leadertech
[2010/04/03 02:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Mael
[2011/01/21 00:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\uTorrent
[2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
[2010/08/19 19:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/13 00:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/25 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/22 00:12:18 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/21 08:42:07 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/01/22 10:46:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/22 20:55:30 | 000,013,634 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/03 02:08:37 | 009,970,817 | ---- | M] () -- C:\DEFAULT.TLE
[2005/12/21 19:50:26 | 000,006,827 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/01/22 16:44:08 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 13:48:42 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/22 17:21:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/22 16:44:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2005/12/21 20:13:16 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/01/22 01:28:10 | 000,052,080 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_22.01.2011_01.26.45_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 02:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/06/09 09:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
[2010/02/22 17:26:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/13 20:38:44 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 02:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/22 20:41:09 | 004,159,369 | R--- | M] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
[2010/09/26 20:44:43 | 007,958,521 | ---- | M] (James Garner ) -- C:\Documents and Settings\A L\Desktop\Install49.exe
[2011/01/22 15:51:54 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
[2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
[2007/05/05 14:56:00 | 000,028,672 | ---- | M] (Doug Knox) -- C:\Documents and Settings\A L\Desktop\XP_CD-DVD-Fix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/13 20:38:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\A L\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/11 00:02:42 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\A L\Cookies\desktop.ini
[2011/01/22 23:16:20 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\A L\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 23:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 23:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 23:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 23:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 23:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 23:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 23:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/07/25 12:22:46 | 000,000,214 | ---- | M] ()(C:\Documents and Settings\A L\Desktop\YouTube - ?THE HIGH LOWS? - ????????????.url) -- C:\Documents and Settings\A L\Desktop\YouTube - ↑THE HIGH LOWS↓ - 夏の朝にキャッチボールを.url
[2010/02/09 07:32:05 | 000,000,214 | ---- | C] ()(C:\Documents and Settings\A L\Desktop\YouTube - ?THE HIGH LOWS? - ????????????.url) -- C:\Documents and Settings\A L\Desktop\YouTube - ↑THE HIGH LOWS↓ - 夏の朝にキャッチボールを.url

< End of report >
 
I just wanted to add that I've had at least 5 of those "malicious website" attempts so far today (2 more from that address 125.45.109.166), even while I'm not doing anything on the computer (though I am connected to the internet).

Also, under the web address at the bottom of the Malwarebytes' Anti-Malware balloon, it reads:

Type: incoming
 
Those messages may simply mean that your MBAM is working, but we'll keep checking.

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    [2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
    [2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
    [2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
    [2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Just a note...I've noticed that ever since these problems came up, every time I try to download something (including these programs), the address bar in Internet Explorer briefly says "http://redirectingat.com/..." It never used to do that before. Is that something I should be concerned about?

Ok...So...

1) I downloaded Java (it gave me VER 6 UPDATE 23) and installed it (it didn't prompt me for any add-ons/toolbar/software, etc.)

2) I unchecked Java Quick Starter under Control Panel just to be safe and then restarted the computer

3) I downloaded JavaRa, ran it, and picked Remove Older Versions (let me know if you want the JavaRa log)

4) I ran OTL and pasted your text under the Custom Scans/Fixes box

5) I picked RUN FIX

NOTE: midway through the RUN FIX I got an error window saying "Access violation at address 005CC7ED in module 'OTL.exe'. Read of address 00000000."

I clicked OK. It was halted there so I clicked on RUN FIX again and it finished the rest of the list and rebooted with a log.

Do you still want me to continue with the rest of the scans?


OTL RUN FIX


All processes killed
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)> in the current context!
Error: Unable to interpret <[2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll> in the current context!
Error: Unable to interpret <[2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll> in the current context!
Error: Unable to interpret <[2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <[2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: A L
->Temp folder emptied: 10275018 bytes
->Temporary Internet Files folder emptied: 117311029 bytes
->Java cache emptied: 1900 bytes
->Flash cache emptied: 5411 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1212550 bytes
->Flash cache emptied: 6048 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41553 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 123.00 mb


[EMPTYFLASH]

User: A L
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.4 log created on 01232011_145735

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
You didn't copy a whole OTL script.
Most likely, you missed a "colon" in front of "OTL" (1st line).
Please, redo.
 
Ok...I tried copying, pasting, and running OTL 2 more times. I keep getting the same error.

Here's what the text looks like when I copy it from your post. Is there something missing:


:OTL
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
[2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
[2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
[2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
[2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
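The OTL log above reports "Unable to interpret <...> in the current context!" for every directive line, and the helper's diagnosis is a missing ":OTL" header. The following is an added example, written for this thread and not OTL's own code nor anything posted by the participants: a small validator that models the sectioned-script behaviour visible in the log. It assumes only what the page shows, namely that a line beginning with ":" opens a section, that the two sections in the pasted script are :OTL and :Commands, and that a directive appearing before any section header is the line that produces the "current context" error. Other OTL section names exist but are not assumed here.

```python
"""
Added example (not OTL's own code): a validator for a sectioned fix script
like the one pasted above.  It models the failure visible in the OTL log:
a directive line with no preceding ':Section' header is reported as
  "Unable to interpret <line> in the current context!"
Only the two section names seen on the page (:OTL, :Commands) are assumed.
"""
from typing import Dict, List, Optional, Tuple

# Section headers that appear in the script under discussion.  OTL supports
# more, but this example deliberately sticks to the two shown in the thread.
KNOWN_SECTIONS = {"OTL", "Commands"}


def validate_fix_script(script: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Walk the script line by line and return (errors, sections).

    errors   - messages an interpreter would emit for lines lacking context
    sections - each section name mapped to the directive lines it contains
    """
    errors: List[str] = []
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None  # no section until a ':Name' header is seen
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines carry no meaning in any context
        if line.startswith(":"):
            name = line[1:].strip()
            if name not in KNOWN_SECTIONS:
                errors.append(f"Unknown section header <{line}>")
                current = None
                continue
            current = name
            sections.setdefault(current, [])
            continue
        if current is None:
            # The failure mode from the thread: a directive with no preceding
            # section header cannot be interpreted.
            errors.append(f"Unable to interpret <{line}> in the current context!")
            continue
        sections[current].append(line)
    return errors, sections


# Constructed sample: the first two O-lines from the pasted script plus the
# :Commands block, with the ':OTL' header in place as it should be.
GOOD_SCRIPT = """\
:OTL
O3 - HKLM\\..\\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\\Run: [UpdReg] C:\\WINDOWS\\Updreg.EXE (Creative Technology Ltd.)

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

# The same script with the ':OTL' line dropped, which reproduces the
# "current context" errors seen in the OTL log.
BROKEN_SCRIPT = "\n".join(
    line for line in GOOD_SCRIPT.splitlines() if line != ":OTL"
)


def diagnose(script: str) -> str:
    """Summarise the validator result in one line, like the helper's reply."""
    errors, sections = validate_fix_script(script)
    if not errors:
        return "ok"
    if any(e.startswith("Unable to interpret") for e in errors) and "OTL" not in sections:
        return "missing :OTL header before the O-line entries"
    return "errors: " + "; ".join(errors)


if __name__ == "__main__":
    for label, text in (("good", GOOD_SCRIPT), ("broken", BROKEN_SCRIPT)):
        print(label, "->", diagnose(text))
        for err in validate_fix_script(text)[0]:
            print("   ", err)
```

Running it prints "ok" for the complete script and, for the copy without ":OTL", the two "Unable to interpret" lines followed by the "missing :OTL header" diagnosis, which is the same symptom the log shows for all eight entries.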
 
OK, we can leave it for now.
It's a minor issue. Nothing malicious there.

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Ok...

1) I downloaded Security Check and ran it

Here is the log for Checkup.txt:


CHECKUP


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Microsoft VM for Java
Java(TM) 6 Update 23
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 