Followed 8 Steps, still getting malware

Solved
By allclearhere
Jan 21, 2011
Topic Status:
Not open for further replies.
  1. Hi guys. I had a bit of a snowballing virus problem this week. So I tried the 8 Steps (including the Avira > Malwarebytes > GMER > DDS sequence) but I am still getting malware attacks, particularly while using internet explorer. But I'm not sure what else might be happening while I'm not connected to the internet.

    If it means anything, BEFORE I did the 8 Steps I tried to remove the problem(s) using Spybot, AVG, registered version of Malwarebytes (quick then full then flash scan) in that order both in safe and normal mode - it cleaned up a lot of things but whatever it is seems to be coming back.

    Then I did the 8 Steps.

    After the 8 Steps I did a HijackThis just FYI, not sure if that affects anything.

    Anyway, here are my log files (MALWAREBYTES, GMER, DDS, ATTACH, HIJACKTHIS). Hopefully, you guys can help me fix this problem, as I've had to restore this computer once in the past and I really really would like to not have to do that again. Thanks.


    MALWAREBYTES

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5564

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/21/2011 12:08:09 PM
    mbam-log-2011-01-21 (12-08-09).txt

    Scan type: Quick scan
    Objects scanned: 154512
    Time elapsed: 6 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-21 12:19:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD1600JS-75NCB1 rev.10.02E01
    Running: gmqf4psi.exe; Driver: C:\DOCUME~1\AL09C6~1\LOCALS~1\Temp\pwloapod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9E765DC]
    SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9E82120]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A64339B
    Device \Driver\atapi \Device\Ide\IdePort0 8A5282E8
    Device \Driver\atapi \Device\Ide\IdePort0
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A64339B
    Device \Driver\atapi \Device\Ide\IdePort1 8A5282E8
    Device \Driver\atapi \Device\Ide\IdePort1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 8A64339B
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A5282E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A64339B
    Device \Driver\atapi \Device\Ide\IdePort2 8A5282E8
    Device \Driver\atapi \Device\Ide\IdePort2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8A64339B
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A5282E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c
    Device \FileSystem\Ntfs \Ntfs 8A6DE1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&289960e9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Modules - GMER 1.0.15 ----

    Module _________ B9D03000-B9D1B000 (98304 bytes)

    ---- EOF - GMER 1.0.15 ----


    DDS


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by A L at 12:22:31.68 on Fri 01/21/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1345 [GMT -8:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    svchost.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\A L\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp:///
    uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
    uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\windows\ifuhocozisijih.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [CTRegRun] c:\windows\CTRegRun.EXE
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARwA5AEIANwAtAEIARwA3AFcAQwAtAFAAWABSAEMAUgAtAEoASwBBAEgATAAtAEgARQBNAEIAUgA"&"inst=NwA2AC0ANgA5ADEANgAzADcAOQAzADgALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
    SSODL: sevehuyot - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: kupuhivus: {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll
    STS: {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - No File
    STS: jugezatag: {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
    STS: mujuzedij: {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
    LSA: Notification Packages = scecli waners.dll lepopoka.dll

    ============= SERVICES / DRIVERS ===============

    R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2010-3-13 160640]
    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2010-3-13 5248]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-21 11608]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-12-21 80640]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-21 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-21 61960]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-19 363344]
    R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-21 126976]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-12-21 221184]
    R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-21 122368]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-5 91456]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-19 20952]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-12-21 114464]
    S0 wrkmlkcz;wrkmlkcz;c:\windows\system32\drivers\pmaaegsb.sys [2011-1-20 53888]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\a l\desktop\ts-h492c_ci06.bin --> c:\documents and settings\a l\desktop\TS-H492C_CI06.bin [?]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-12-21 245760]

    =============== Created Last 30 ================

    2011-01-21 17:36:49 -------- d-----w- c:\docume~1\al09c6~1\applic~1\Avira
    2011-01-21 17:27:08 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-21 17:27:05 -------- d-----w- c:\program files\Avira
    2011-01-21 17:27:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-01-21 08:03:17 -------- d-----w- c:\windows\pss
    2011-01-20 19:35:11 53888 ----a-w- c:\windows\system32\drivers\pmaaegsb.sys
    2011-01-20 11:37:22 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2011-01-20 11:37:22 838144 ----a-w- c:\windows\system32\chtbrkr.dll
    2011-01-20 11:37:22 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
    2011-01-20 11:37:22 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
    2011-01-20 11:37:21 98304 ----a-w- c:\windows\system32\msir3jp.dll
    2011-01-20 11:37:21 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-01-20 11:37:21 70656 ----a-w- c:\windows\system32\korwbrkr.dll
    2011-01-20 11:37:21 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
    2011-01-20 11:37:21 1875968 ----a-w- c:\windows\system32\msir3jp.lex
    2011-01-20 11:37:18 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
    2011-01-20 05:33:12 -------- d-----w- c:\docume~1\al09c6~1\applic~1\Malwarebytes
    2011-01-20 05:18:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 05:18:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-20 05:17:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 05:17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 08:10:52 -------- d-----w- c:\program files\AVG
    2011-01-19 07:44:51 -------- d-----w- c:\docume~1\al09c6~1\locals~1\applic~1\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}
    2011-01-18 04:48:21 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-01-18 04:47:42 -------- d-----w- C:\1b83767d15ac5b981e43347c
    2011-01-18 04:46:45 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
    2011-01-18 04:46:36 -------- d-----w- c:\windows\system32\LogFiles
    2011-01-18 04:46:11 -------- d-----w- C:\205ebe4aa73d14f925
    2011-01-18 03:35:00 237568 ----a-w- c:\windows\system32\lame_enc.dll
    2011-01-18 03:34:57 -------- d-----w- c:\program files\FreeCDRipper
    2011-01-18 02:28:08 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-01-18 02:28:08 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-01-18 02:28:08 110080 ------w- c:\windows\system32\pxinsi64.exe
    2011-01-18 02:28:08 109056 ------w- c:\windows\system32\pxcpyi64.exe
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\snap
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\sample
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\rom
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\nvram
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\memcard
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\inp
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\image
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\hi
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\diff
    2011-01-02 09:07:27 -------- d-----w- c:\documents and settings\a l\artwork

    ==================== Find3M ====================

    2011-01-19 08:01:36 0 ----a-w- c:\windows\Odacimaf.bin
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A643555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6497b0]; MOV EAX, [0x8a64982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A5CAD78]
    \Driver\atapi[0x8A6C6AB0] -> IRP_MJ_CREATE -> 0x8A643555
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&289960e9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A64339B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 12:24:39.15 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    The Attach.txt part of DDS is missing.
    Please, post it.

    You're running two AV programs, McAfee and Avira.
    One of them has to go.
    If McAfee (preferably), make sure to use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    Now, you're infected with a rootkit...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
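The helper's rootkit call above rests on a few patterns in the first post's DDS log: browser/shell extensions (BHO, SSODL, STS) registered under pseudo-random lowercase names, extra entries in the LSA Notification Packages list, and a boot-start driver whose service and image names both look generated. The script below is an added triage example for this thread, not part of DDS, GMER or anything the helper posted; `triage`, `looks_generated` and the constructed `SAMPLE_DDS` lines (copied in shape from the log above) are assumptions of this example.

```python
"""Triage heuristics for a pasted DDS log, modelled on the log in this thread.

Added example; not part of DDS, GMER or any tool named in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS 'Pseudo HJT Report' and
# 'SERVICES / DRIVERS' sections; mixes vendor entries with suspicious ones.
SAMPLE_DDS = """\
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\adobe\\acrobat 6.0\\reader\\activex\\AcroIEHelper.dll
BHO: {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
BHO: {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\\windows\\ifuhocozisijih.dll
SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\\windows\\system32\\bekoduya.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
STS: kupuhivus: {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\\windows\\system32\\foweriyo.dll
STS: {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - No File
LSA: Notification Packages = scecli waners.dll lepopoka.dll
R0 a347bus;a347bus;c:\\windows\\system32\\drivers\\a347bus.sys [2010-3-13 160640]
R1 avgio;avgio;c:\\program files\\avira\\antivir desktop\\avgio.sys [2011-1-21 11608]
S0 wrkmlkcz;wrkmlkcz;c:\\windows\\system32\\drivers\\pmaaegsb.sys [2011-1-20 53888]
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Matches "KIND: <name>: {clsid} - <target>", "KIND: <name> - {clsid} - <target>"
# and the nameless form "KIND: {clsid} - <target>".
SHELL_RE = re.compile(
    rf"^(?P<kind>BHO|SSODL|STS|TB|EB):\s*(?:(?P<name>.*?)\s*[:-]\s*)?"
    rf"(?P<clsid>{GUID})\s*-\s*(?P<target>.+)$"
)
# Matches "R0 service;display name;image path [date size]".
DRIVER_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+?)(?:\s+\[|\s*$)"
)

# Legitimate all-lowercase names that would otherwise trip the heuristic.
KNOWN_LOWERCASE = {"scecli", "ctfmon", "userinit", "shdocvw"}


def looks_generated(token: str) -> bool:
    """Heuristic only: names in this log's suspicious entries are 6+ lowercase
    letters with no digits or capitals; vendor names almost never are."""
    return re.fullmatch(r"[a-z]{6,}", token) is not None and token not in KNOWN_LOWERCASE


def stem(path: str) -> str:
    """File name without directory or extension, for Windows-style paths."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SHELL_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            if target.lower() == "no file":
                findings.append(Finding("orphaned shell entry", line))
            elif (name is None or looks_generated(name)) and looks_generated(stem(target)):
                findings.append(Finding("shell extension with generated name", line))
            continue
        if line.startswith("LSA: Notification Packages"):
            # On XP the stock value is just scecli; anything else loads into lsass.
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "scecli"]
            if extra:
                findings.append(Finding("extra LSA notification packages: " + " ".join(extra), line))
            continue
        m = DRIVER_RE.match(line)
        if m and m.group("start") in ("R0", "S0"):
            svc, image = m.group("svc"), stem(m.group("path"))
            if looks_generated(svc) and looks_generated(image) and svc != image:
                findings.append(Finding("boot-start driver with generated service and image names", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}")
```

Vendor entries with readable names (AcroIEHelper, WPDShServiceObj, a347bus) pass, while the four generated-name extensions, the orphaned STS entry, the two extra LSA packages and the S0 driver are reported for a human to review.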
  3. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Hi Broni, thanks for your reply. Here is the Attach.txt log and also the HijackThis if you need it (I couldn't include them originally because I was over the 50,000 posting limit and my thread wasn't quite cleared yet for me to append the other logs.)

    I'll get started right now on your instructions and get back to you. Here you go...



    ATTACH


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/13/2009 9:38:25 PM
    System Uptime: 1/21/2011 11:52:12 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 144 GiB total, 47.946 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP493: 10/19/2010 11:22:09 PM - System Checkpoint
    RP494: 10/24/2010 6:24:59 PM - System Checkpoint
    RP495: 10/28/2010 1:47:31 AM - Software Distribution Service 3.0
    RP496: 10/29/2010 3:00:24 AM - Software Distribution Service 3.0
    RP497: 10/31/2010 10:29:56 AM - System Checkpoint
    RP498: 11/2/2010 1:22:02 AM - System Checkpoint
    RP499: 11/3/2010 2:35:37 AM - System Checkpoint
    RP500: 11/4/2010 7:33:23 PM - System Checkpoint
    RP501: 11/6/2010 12:22:36 PM - System Checkpoint
    RP502: 11/7/2010 8:16:13 PM - System Checkpoint
    RP503: 11/9/2010 8:52:24 PM - System Checkpoint
    RP504: 11/10/2010 1:27:38 AM - Software Distribution Service 3.0
    RP505: 11/11/2010 1:46:04 AM - System Checkpoint
    RP506: 11/12/2010 9:23:54 PM - System Checkpoint
    RP507: 11/14/2010 11:20:16 PM - System Checkpoint
    RP508: 11/18/2010 8:55:39 PM - System Checkpoint
    RP509: 11/20/2010 1:52:06 AM - System Checkpoint
    RP510: 11/21/2010 2:29:03 AM - System Checkpoint
    RP511: 11/22/2010 10:58:43 PM - System Checkpoint
    RP512: 11/24/2010 9:17:32 PM - System Checkpoint
    RP513: 11/26/2010 12:41:05 AM - System Checkpoint
    RP514: 11/27/2010 1:53:23 AM - System Checkpoint
    RP515: 11/28/2010 2:07:26 AM - System Checkpoint
    RP516: 11/29/2010 3:47:12 AM - System Checkpoint
    RP517: 12/1/2010 9:29:45 PM - System Checkpoint
    RP518: 12/2/2010 10:22:11 PM - System Checkpoint
    RP519: 12/5/2010 10:20:20 PM - System Checkpoint
    RP520: 12/7/2010 1:55:18 AM - System Checkpoint
    RP521: 12/8/2010 2:31:22 AM - System Checkpoint
    RP522: 12/11/2010 9:50:43 PM - System Checkpoint
    RP523: 12/13/2010 11:05:28 PM - System Checkpoint
    RP524: 12/15/2010 11:27:22 PM - Software Distribution Service 3.0
    RP525: 12/17/2010 6:19:50 AM - System Checkpoint
    RP526: 12/18/2010 6:58:24 AM - System Checkpoint
    RP527: 12/19/2010 7:40:15 AM - System Checkpoint
    RP528: 12/22/2010 11:51:06 AM - System Checkpoint
    RP529: 12/24/2010 1:50:31 AM - System Checkpoint
    RP530: 12/25/2010 2:42:27 AM - System Checkpoint
    RP531: 12/27/2010 12:09:04 PM - System Checkpoint
    RP532: 12/28/2010 6:49:21 PM - System Checkpoint
    RP533: 12/31/2010 1:33:24 AM - System Checkpoint
    RP534: 1/2/2011 3:29:20 AM - System Checkpoint
    RP535: 1/4/2011 10:47:55 PM - System Checkpoint
    RP536: 1/6/2011 3:00:18 AM - Software Distribution Service 3.0
    RP537: 1/8/2011 1:17:42 AM - System Checkpoint
    RP538: 1/9/2011 2:45:02 PM - System Checkpoint
    RP539: 1/11/2011 10:09:36 PM - System Checkpoint
    RP540: 1/12/2011 3:00:14 AM - Software Distribution Service 3.0
    RP541: 1/13/2011 5:13:54 PM - System Checkpoint
    RP542: 1/14/2011 9:13:34 PM - System Checkpoint
    RP543: 1/16/2011 12:19:24 PM - System Checkpoint
    RP544: 1/17/2011 5:11:40 PM - Installed HP USB Disk Storage Format Tool
    RP545: 1/17/2011 6:01:33 PM - Removed HP USB Disk Storage Format Tool
    RP546: 1/17/2011 8:40:38 PM - Installed Windows Media Player 10
    RP547: 1/17/2011 8:45:11 PM - Software Distribution Service 3.0
    RP548: 1/18/2011 1:20:44 AM - Software Distribution Service 3.0
    RP549: 1/18/2011 7:28:02 AM - Software Distribution Service 3.0
    RP550: 1/19/2011 12:10:47 AM - Installed AVG 9.0
    RP551: 1/19/2011 12:15:33 AM - Avg8 Update
    RP552: 1/19/2011 12:17:07 AM - Avg8 Update
    RP553: 1/19/2011 12:26:12 AM - Avg8 Update
    RP554: 1/19/2011 3:09:41 PM - Avg Update
    RP555: 1/19/2011 4:11:00 PM - Avg Update
    RP556: 1/19/2011 9:36:29 PM - Removed AVG 9.0
    RP557: 1/19/2011 9:39:00 PM - Installed AVG 9.0

    ==== Installed Programs ======================


    µTorrent
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Audition 3.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 6.0.1
    America Online (Choose which version to remove)
    Andrea VoiceCenter
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    ATI Control Panel
    ATI Display Driver
    Avanquest update
    Avira AntiVir Personal - Free Antivirus
    Corel Photo Album 6
    Creative MediaSource
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support 3.1
    Dell System Restore
    Digital Content Portal
    DivX Setup
    Download Updater (AOL LLC)
    EarthLink setup files
    EducateU
    ESPNMotion
    FastStone Image Viewer 4.0
    FL Studio 9
    GemMaster Mystic
    Get High Speed Internet!
    GOM Player
    Google AFE
    Google Desktop
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IL Download Manager
    Intel Matrix Storage Manager
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    McAfee Uninstaller
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft VM for Java
    Microsoft Web Publishing Wizard 1.53
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Motorola Driver Installation 4.6.5
    Motorola Phone Tools
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    NetZeroInstallers
    Otto
    PoiZone
    PowerDVD 5.5
    QuickBooks Simple Start Special Edition
    QuickTime
    RealPlayer Basic
    Rose Online 1.0.254.123
    RPG Maker 95+ (Translated by Don Miguel)
    Sakura
    Sawer
    Scientific-Atlanta WebSTAR 2000 series Cable Modem
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype Toolbars
    Skype™ 4.2
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    Spybot - Search & Destroy
    Toxic Biohazard
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    USB Driver
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 12
    Xvid 1.2.2 final uninstall
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/21/2011 9:35:20 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    1/21/2011 9:25:13 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    1/21/2011 9:25:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\AL09C6~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    1/21/2011 9:25:13 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    1/21/2011 7:41:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    1/21/2011 7:41:23 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/21/2011 12:16:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
    1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:46:49 AM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:46:49 AM, error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    1/21/2011 11:46:49 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    1/21/2011 11:44:19 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:44:18 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    1/21/2011 11:35:18 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msmqocm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:33:55 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqac.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqutil.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqupgrd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtrig.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtgsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsnap.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsec.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrtdep.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqqm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqoa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqise.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqdscli.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqbkup.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:30:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqad.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    1/21/2011 11:10:21 AM, information: Windows File Protection [64005] - The protected system file npwmsdrm.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is A L. The file version of the bad file is 1.0.0.1.
    1/21/2011 11:10:21 AM, information: Windows File Protection [64005] - The protected system file npdsplay.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is A L. The file version of the bad file is 3.0.2.625.
    1/20/2011 8:17:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL
    1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 8:17:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/20/2011 7:31:17 AM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 00252ED37C11 has been denied by the DHCP server 76.85.238.52 (The DHCP Server sent a DHCPNACK message).
    1/20/2011 12:19:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee.com McShield service to connect.
    1/20/2011 12:19:43 PM, error: Service Control Manager [7000] - The McAfee.com McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/20/2011 11:54:04 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    1/20/2011 11:49:32 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/20/2011 11:48:11 PM, error: PlugPlayManager [11] - The device Root\LEGACY_ATWPKT2\0000 disappeared from the system without first being prepared for removal.
    1/19/2011 9:33:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iastor
    1/19/2011 9:33:26 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    1/19/2011 9:14:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm sptd
    1/19/2011 9:13:15 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    1/19/2011 8:18:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/19/2011 7:25:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/19/2011 7:25:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2011 3:59:38 PM, error: System Error [1003] - Error code c0000d71, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
    1/19/2011 3:38:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgupd.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    1/19/2011 3:30:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    1/19/2011 3:30:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/19/2011 12:33:45 AM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
    1/17/2011 10:14:45 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000006, parameter2 00000002, parameter3 00000000, parameter4 b9bee508.
    1/16/2011 8:21:49 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================


    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:43:47 PM, on 1/21/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Documents and Settings\A L\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: (no name) - {f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - C:\WINDOWS\ifuhocozisijih.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARwA5AEIANwAtAEIARwA3AFcAQwAtAFAAWABSAEMAUgAtAEoASwBBAEgATAAtAEgARQBNAEIAUgA"&"inst=NwA2AC0ANgA5ADEANgAzADcAOQAzADgALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: kozafohew - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll (file missing)
    O21 - SSODL: sevehuyot - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: kupuhivus - {00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll (file missing)
    O22 - SharedTaskScheduler: mujuzedij - {f00da279-ae5a-4ba6-8b1e-63f13e65f444} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll (file missing)
    O22 - SharedTaskScheduler: mujuzedij - {00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12954 bytes
  4. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...

    1) I chose to keep Avira and removed McAfee (since McAfee was the one "protecting" my computer when it got infected) using the MCPR download you provided. This required a reboot to complete.

    2) Then I downloaded and ran TDSSKiller. After scanning, it required a reboot. Here is its log file:

    TDSSKiller

    2011/01/22 01:26:45.0640 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
    2011/01/22 01:26:45.0640 ================================================================================
    2011/01/22 01:26:45.0640 SystemInfo:
    2011/01/22 01:26:45.0640
    2011/01/22 01:26:45.0640 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/22 01:26:45.0640 Product type: Workstation
    2011/01/22 01:26:45.0640 ComputerName: D4SMZ191
    2011/01/22 01:26:45.0640 UserName: A L
    2011/01/22 01:26:45.0640 Windows directory: C:\WINDOWS
    2011/01/22 01:26:45.0640 System windows directory: C:\WINDOWS
    2011/01/22 01:26:45.0640 Processor architecture: Intel x86
    2011/01/22 01:26:45.0640 Number of processors: 2
    2011/01/22 01:26:45.0640 Page size: 0x1000
    2011/01/22 01:26:45.0640 Boot type: Normal boot
    2011/01/22 01:26:45.0640 ================================================================================
    2011/01/22 01:26:46.0625 Initialize success
    2011/01/22 01:26:54.0359 ================================================================================
    2011/01/22 01:26:54.0359 Scan started
    2011/01/22 01:26:54.0359 Mode: Manual;
    2011/01/22 01:26:54.0359 ================================================================================
    2011/01/22 01:26:55.0046 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
    2011/01/22 01:26:55.0078 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\system32\Drivers\a347scsi.sys
    2011/01/22 01:26:55.0171 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/01/22 01:26:55.0250 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/22 01:26:55.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/22 01:26:55.0343 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/01/22 01:26:55.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/22 01:26:55.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/22 01:26:55.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/22 01:26:55.0578 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/01/22 01:26:55.0593 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/01/22 01:26:55.0625 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/01/22 01:26:55.0640 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/01/22 01:26:55.0671 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/01/22 01:26:55.0718 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/01/22 01:26:55.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/01/22 01:26:55.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/01/22 01:26:55.0875 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/01/22 01:26:55.0953 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/01/22 01:26:55.0968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/01/22 01:26:56.0031 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/01/22 01:26:56.0093 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/01/22 01:26:56.0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/22 01:26:56.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/22 01:26:56.0203 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
    2011/01/22 01:26:56.0203 atapi - detected Locked file (1)
    2011/01/22 01:26:56.0296 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/01/22 01:26:56.0375 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/22 01:26:56.0421 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/22 01:26:56.0562 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/01/22 01:26:56.0687 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/01/22 01:26:56.0796 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/01/22 01:26:56.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/22 01:26:56.0953 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/01/22 01:26:56.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/22 01:26:57.0015 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/01/22 01:26:57.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/22 01:26:57.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/22 01:26:57.0156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/22 01:26:57.0265 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/01/22 01:26:57.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/01/22 01:26:57.0437 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    2011/01/22 01:26:57.0468 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
    2011/01/22 01:26:57.0531 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/01/22 01:26:57.0546 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/01/22 01:26:57.0593 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/22 01:26:57.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/22 01:26:57.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/22 01:26:57.0765 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/22 01:26:57.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/22 01:26:57.0828 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/01/22 01:26:57.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/22 01:26:57.0921 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
    2011/01/22 01:26:58.0109 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
    2011/01/22 01:26:58.0156 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/01/22 01:26:58.0203 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    2011/01/22 01:26:58.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/22 01:26:58.0312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/01/22 01:26:58.0343 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/22 01:26:58.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/01/22 01:26:58.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/01/22 01:26:58.0437 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/22 01:26:58.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/22 01:26:58.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/22 01:26:58.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/01/22 01:26:58.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/22 01:26:58.0703 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/01/22 01:26:58.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/22 01:26:58.0812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/01/22 01:26:58.0859 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/01/22 01:26:58.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/01/22 01:26:58.0953 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
    2011/01/22 01:26:59.0062 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/22 01:26:59.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/01/22 01:26:59.0218 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2011/01/22 01:26:59.0390 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2011/01/22 01:26:59.0437 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2011/01/22 01:26:59.0468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/01/22 01:26:59.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/22 01:26:59.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/01/22 01:26:59.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/22 01:26:59.0640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/22 01:26:59.0687 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/22 01:26:59.0750 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/22 01:26:59.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/22 01:26:59.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/22 01:26:59.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/22 01:26:59.0875 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/01/22 01:26:59.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/22 01:26:59.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/22 01:27:00.0093 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
    2011/01/22 01:27:00.0203 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/01/22 01:27:00.0218 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/22 01:27:00.0250 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/22 01:27:00.0281 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/01/22 01:27:00.0312 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2011/01/22 01:27:00.0343 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/22 01:27:00.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/22 01:27:00.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/22 01:27:00.0484 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/01/22 01:27:00.0546 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/22 01:27:00.0625 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/22 01:27:00.0734 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/22 01:27:00.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/22 01:27:00.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/22 01:27:00.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/22 01:27:00.0921 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/22 01:27:00.0953 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/22 01:27:01.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/22 01:27:01.0062 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/22 01:27:01.0093 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/22 01:27:01.0125 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/22 01:27:01.0187 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/22 01:27:01.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/22 01:27:01.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/22 01:27:01.0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/22 01:27:01.0343 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/22 01:27:01.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/22 01:27:01.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/22 01:27:01.0578 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/01/22 01:27:01.0843 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/22 01:27:01.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/22 01:27:02.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/22 01:27:02.0109 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    2011/01/22 01:27:02.0140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/22 01:27:02.0171 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/22 01:27:02.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/22 01:27:02.0250 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/22 01:27:02.0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/22 01:27:02.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/22 01:27:02.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/01/22 01:27:02.0468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/22 01:27:02.0546 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/22 01:27:02.0578 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/22 01:27:02.0625 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/22 01:27:02.0640 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/22 01:27:02.0718 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/01/22 01:27:02.0765 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/01/22 01:27:02.0781 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/01/22 01:27:02.0812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/01/22 01:27:02.0828 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/01/22 01:27:02.0875 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/22 01:27:02.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/22 01:27:02.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/22 01:27:02.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/22 01:27:03.0000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/22 01:27:03.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/22 01:27:03.0109 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/22 01:27:03.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/22 01:27:03.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/22 01:27:03.0343 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/22 01:27:03.0406 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/22 01:27:03.0453 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/22 01:27:03.0500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/22 01:27:03.0609 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
    2011/01/22 01:27:03.0859 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/01/22 01:27:03.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/01/22 01:27:04.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/22 01:27:04.0125 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/01/22 01:27:04.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/01/22 01:27:04.0125 sptd - detected Locked file (1)
    2011/01/22 01:27:04.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/22 01:27:04.0218 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/22 01:27:04.0281 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2011/01/22 01:27:04.0343 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/01/22 01:27:04.0359 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    2011/01/22 01:27:04.0390 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
    2011/01/22 01:27:04.0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/22 01:27:04.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/22 01:27:04.0578 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/01/22 01:27:04.0609 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/01/22 01:27:04.0625 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/01/22 01:27:04.0640 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/01/22 01:27:04.0687 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/22 01:27:04.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/22 01:27:04.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/22 01:27:04.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/22 01:27:04.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/22 01:27:05.0000 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    2011/01/22 01:27:05.0015 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    2011/01/22 01:27:05.0031 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    2011/01/22 01:27:05.0062 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    2011/01/22 01:27:05.0078 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    2011/01/22 01:27:05.0109 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    2011/01/22 01:27:05.0125 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    2011/01/22 01:27:05.0156 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    2011/01/22 01:27:05.0187 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2011/01/22 01:27:05.0343 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/01/22 01:27:05.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/22 01:27:05.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/22 01:27:05.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/22 01:27:05.0625 usbcm (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
    2011/01/22 01:27:05.0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/22 01:27:05.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/22 01:27:05.0718 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/22 01:27:05.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/22 01:27:05.0765 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/22 01:27:05.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/22 01:27:06.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/22 01:27:06.0078 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/22 01:27:06.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/22 01:27:06.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/22 01:27:06.0281 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2011/01/22 01:27:06.0328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/22 01:27:06.0468 wrkmlkcz (9439d91885cf6c4c9e33ec7f522a2a40) C:\WINDOWS\system32\drivers\pmaaegsb.sys
    2011/01/22 01:27:06.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/01/22 01:27:06.0703 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/22 01:27:06.0765 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/22 01:27:06.0859 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/22 01:27:06.0859 ================================================================================
    2011/01/22 01:27:06.0859 Scan finished
    2011/01/22 01:27:06.0859 ================================================================================
    2011/01/22 01:27:06.0875 Detected object count: 3
    2011/01/22 01:27:52.0109 Locked file(atapi) - User select action: Skip
    2011/01/22 01:27:52.0109 Locked file(sptd) - User select action: Skip
    2011/01/22 01:27:52.0156 \HardDisk0 - will be cured after reboot
    2011/01/22 01:27:52.0156 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/22 01:28:10.0296 Deinitialize success
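A small triage parser for the TDSSKiller log format above, added here as an example (it is not part of the thread and not Kaspersky's code): it pairs each detection with the action the user chose, checks the tool's "Detected object count" against the entries actually listed, records whether a cure was deferred to the next reboot, and applies one heuristic of my own for random-named drivers such as wrkmlkcz loading pmaaegsb.sys. The sample log is an excerpt of the one posted; the md5 cross-check and the random-name heuristic are my assumptions, not TDSSKiller verdicts.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Every TDSSKiller 2.4.x log line begins with a "YYYY/MM/DD HH:MM:SS.ffff " stamp.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<what>.+?) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(TS + r"(?P<obj>\S+) - will be cured after reboot$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RANDOM8_RE = re.compile(r"^[a-z]{8}$")  # heuristic shape of TDSS-style random names

@dataclass
class Detection:
    obj: str                 # service name (atapi) or device (\HardDisk0)
    verdict: str             # "Locked file" or the malware family name
    reason: str = ""         # e.g. "NoAccess" from the preceding "Suspicious file" line
    action: str = ""         # Skip / Cure / ... as chosen by the user
    pending_reboot: bool = False

@dataclass
class Report:
    drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
    detections: list = field(default_factory=list)  # the tool's own verdicts
    warnings: list = field(default_factory=list)    # analyst heuristics, not tool verdicts
    declared_count: int = -1

def _stem(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0]  # ntpath: Windows paths on any OS

def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    suspicious = {}  # lower-case file stem -> (reason, md5) from "Suspicious file" lines
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUSPICIOUS_RE.match(line):
            suspicious[_stem(m["path"]).lower()] = (m["reason"], m["md5"])
        elif m := DETECTED_RE.match(line):
            reason, _ = suspicious.get(m["obj"].lower(), ("", ""))
            rep.detections.append(Detection(m["obj"], m["verdict"], reason))
        elif m := ACTION_RE.match(line):
            what = m["what"]  # "Locked file(atapi)" or "Rootkit.Win32.TDSS.tdl4(\HardDisk0)"
            obj = what[what.rindex("(") + 1:-1] if what.endswith(")") else what
            for d in rep.detections:
                if d.obj == obj:
                    d.action = m["action"]
        elif m := REBOOT_RE.match(line):
            for d in rep.detections:
                if d.obj == m["obj"]:
                    d.pending_reboot = True
        elif m := COUNT_RE.match(line):
            rep.declared_count = int(m["n"])
        elif m := DRIVER_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
    # Consistency: the md5 on a "Suspicious file" line must equal the one in its scan entry.
    by_stem = {_stem(p).lower(): h for h, p in rep.drivers.values()}
    for stem, (_, md5) in suspicious.items():
        if by_stem.get(stem) != md5:
            rep.warnings.append(f"md5 mismatch between scan entry and suspicious line: {stem}")
    # Heuristic (mine, not a TDSSKiller verdict): service name and file name are both
    # 8 random-looking lowercase letters yet differ, as wrkmlkcz -> pmaaegsb.sys above.
    for name, (_, path) in rep.drivers.items():
        stem = _stem(path)
        if RANDOM8_RE.match(name) and RANDOM8_RE.match(stem) and name != stem:
            rep.warnings.append(f"random-named driver: service {name} loads {stem}.sys")
    return rep

def count_matches(rep: Report) -> bool:
    return rep.declared_count == len(rep.detections)  # tool's count vs. listed detections

def needs_reboot(rep: Report) -> bool:
    return any(d.pending_reboot for d in rep.detections)  # a cure was deferred to next boot

# Excerpt of the log posted above: the flagged entries, two clean entries and the user actions.
SAMPLE_LOG = r"""
2011/01/22 01:26:56.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/22 01:26:56.0203 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
2011/01/22 01:26:56.0203 atapi - detected Locked file (1)
2011/01/22 01:26:56.0953 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/22 01:27:04.0125 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/22 01:27:04.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/22 01:27:04.0125 sptd - detected Locked file (1)
2011/01/22 01:27:05.0000 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/22 01:27:06.0468 wrkmlkcz (9439d91885cf6c4c9e33ec7f522a2a40) C:\WINDOWS\system32\drivers\pmaaegsb.sys
2011/01/22 01:27:06.0859 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/22 01:27:06.0875 Detected object count: 3
2011/01/22 01:27:52.0109 Locked file(atapi) - User select action: Skip
2011/01/22 01:27:52.0109 Locked file(sptd) - User select action: Skip
2011/01/22 01:27:52.0156 \HardDisk0 - will be cured after reboot
2011/01/22 01:27:52.0156 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(*[f"{d.obj}: {d.verdict} -> {d.action}" for d in r.detections], *r.warnings, sep="\n")
```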
  5. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Good job :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...

    1) I downloaded and ran MBRCheck

    2) Then I downloaded ComboFix from your link, closed all browsers, disabled my AV software (Avira, Malwarebytes), and ran ComboFix.

    NOTE: ComboFix did install a Recovery Console update before running the scan. Then after the scan completed, it rebooted automatically. The ComboFix log was created upon restart.

    NOTE: I don't know if this is related but while ComboFix was creating the log, I got a Windows error that said "The instruction at "0x006e0075" referenced memory at "0x00000008". The memory could not be "written". Click OK to terminate the program. Click on CANCEL to debug the program"

    I just tried to ignore it (if it interferes and forces me to choose something, I'll just click OK).

    Here are the MBRCheck and ComboFix logs:


    MBRCheck


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 153):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9EB4000 spnj.sys
    0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB9E74000 a347bus.sys
    0xB9E46000 ACPI.sys
    0xB9E35000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9E16000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9DF0000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9D1B000 iastor.sys
    0xB9D03000
    0xBA5AE000 a347scsi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9CE3000 fltmgr.sys
    0xB9CD1000 sr.sys
    0xB9CBC000 drvmcdb.sys
    0xBA0F8000 PxHelp20.sys
    0xB9CA5000 KSecDD.sys
    0xB9C18000 Ntfs.sys
    0xB9BEB000 NDIS.sys
    0xBA108000 ohci1394.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9BD1000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8D00000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB8CEC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8CC4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8C97000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8C73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA470000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\IntelC53.sys
    0xB8C50000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8B29000 \SystemRoot\system32\DRIVERS\IntelC51.sys
    0xB8A94000 \SystemRoot\system32\DRIVERS\IntelC52.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\mohfilt.sys
    0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA688000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9B54000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8A7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8A6C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xB8A3C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA340000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5EC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB89DE000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8E65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8E49000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB0969000 \SystemRoot\system32\drivers\sthda.sys
    0xB0945000 \SystemRoot\system32\drivers\portcls.sys
    0xB957E000 \SystemRoot\system32\drivers\drmk.sys
    0xB07FB000 \SystemRoot\system32\drivers\sigfilt.sys
    0xB955E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA348000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBA5A0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5F4000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA764000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA370000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA378000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA380000 \SystemRoot\System32\drivers\vga.sys
    0xBA5FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA388000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA390000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9B98000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB0780000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0727000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB06FF000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB06D9000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB9B80000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB068F000 \SystemRoot\System32\drivers\afd.sys
    0xB953E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB952E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xB950E000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB0664000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB05F4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA158000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB9B78000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB9B74000 \SystemRoot\system32\DRIVERS\Sacm2A.sys
    0xB9B6C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB9B68000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB052E000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xBA608000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xBA1C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB04EE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA61E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB07BF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3B8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA6AC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF07D000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAE399000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xAE41E000 \??\C:\WINDOWS\system32\drivers\mbam.sys
    0xB0574000 \SystemRoot\system32\drivers\drvnddm.sys
    0xBA7A5000 \SystemRoot\system32\dla\tfsndres.sys
    0xAE383000 \SystemRoot\system32\dla\tfsnifs.sys
    0xAE412000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA65C000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA3D0000 \SystemRoot\system32\dla\tfsnboio.sys
    0xB0564000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA7A8000 \SystemRoot\system32\dla\tfsndrct.sys
    0xAE36A000 \SystemRoot\system32\dla\tfsnudf.sys
    0xAE351000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xAE34D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAE054000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xADFC7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAE1D9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xADF52000 \SystemRoot\system32\drivers\ctusfsyn.sys
    0xADF22000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xADEFC000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xBA62A000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xADC8A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xADC0A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAD2E9000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xACCAA000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    816 C:\WINDOWS\system32\smss.exe
    888 csrss.exe
    920 C:\WINDOWS\system32\winlogon.exe
    964 C:\WINDOWS\system32\services.exe
    976 C:\WINDOWS\system32\lsass.exe
    1180 C:\WINDOWS\system32\ati2evxx.exe
    1196 C:\WINDOWS\system32\svchost.exe
    1252 svchost.exe
    1400 C:\WINDOWS\system32\svchost.exe
    1528 svchost.exe
    1628 svchost.exe
    1808 C:\WINDOWS\system32\spoolsv.exe
    1876 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1928 svchost.exe
    348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    400 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    408 C:\WINDOWS\explorer.exe
    452 C:\WINDOWS\system32\CTSVCCDA.EXE
    552 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    624 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    704 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    712 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    980 svchost.exe
    1480 C:\WINDOWS\system32\svchost.exe
    1580 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    788 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    2420 alg.exe
    2468 C:\WINDOWS\ehome\ehrecvr.exe
    2492 C:\WINDOWS\ehome\ehSched.exe
    2696 mcrdsvc.exe
    2968 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3080 C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    3120 C:\WINDOWS\stsystra.exe
    3128 C:\Program Files\Real\RealPlayer\realplay.exe
    3144 C:\WINDOWS\system32\dllhost.exe
    3280 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3368 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    3532 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    3560 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3696 C:\Program Files\Google\Google Talk\googletalk.exe
    3708 C:\WINDOWS\ehome\ehtray.exe
    3732 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3740 C:\WINDOWS\system32\dla\tfswctrl.exe
    3780 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3868 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    3880 C:\WINDOWS\ehome\ehmsas.exe
    3896 C:\WINDOWS\system32\MDM.EXE
    3916 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    3940 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3952 C:\WINDOWS\system32\ctfmon.exe
    3984 C:\Program Files\Dell Support\DSAgnt.exe
    3648 C:\WINDOWS\system32\wuauclt.exe
    3012 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    1772 C:\Program Files\Internet Explorer\iexplore.exe
    3768 C:\Program Files\Internet Explorer\iexplore.exe
    2028 C:\Program Files\Internet Explorer\iexplore.exe
    2688 C:\Documents and Settings\A L\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    ComboFix


    ComboFix 11-01-22.01 - A L 01/22/2011 10:49:08.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1509 [GMT -8:00]
    Running from: c:\documents and settings\A L\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}
    c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome.manifest
    c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome\content\_cfg.js
    c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\chrome\content\overlay.xul
    c:\documents and settings\A L\Local Settings\Application Data\{70147CF7-4ABF-4319-A34D-19C3ADF04F16}\install.rdf
    C:\Install.exe
    c:\windows\system32\bszip.dll
    c:\windows\system32\Data
    c:\windows\system32\drivers\pmaaegsb.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_SSHNAS
    -------\Service_6to4
    -------\Service_wrkmlkcz


    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-22 01:14 . 2011-01-22 01:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
    2011-01-21 17:36 . 2011-01-21 17:36 -------- d-----w- c:\documents and settings\A L\Application Data\Avira
    2011-01-21 17:27 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-21 17:27 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-21 17:27 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-01-21 17:27 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\program files\Avira
    2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
    2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
    2011-01-20 11:37 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
    2011-01-20 05:33 . 2011-01-20 05:33 -------- d-----w- c:\documents and settings\A L\Application Data\Malwarebytes
    2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-01-20 05:18 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-20 05:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 05:17 . 2011-01-20 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 05:15 . 2011-01-20 05:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-01-20 03:26 . 2011-01-20 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-01-19 16:19 . 2011-01-19 16:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-01-19 08:10 . 2011-01-19 08:10 -------- d-----w- c:\program files\AVG
    2011-01-19 03:40 . 2011-01-19 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-01-18 07:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-01-18 04:48 . 2011-01-18 04:48 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-01-18 04:47 . 2011-01-18 04:48 -------- d-----w- C:\1b83767d15ac5b981e43347c
    2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
    2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- c:\windows\system32\LogFiles
    2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- C:\205ebe4aa73d14f925
    2011-01-18 03:35 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
    2011-01-18 03:34 . 2011-01-21 16:49 -------- d-----w- c:\program files\FreeCDRipper
    2011-01-18 02:28 . 2005-11-15 09:00 109056 ------w- c:\windows\system32\pxcpyi64.exe
    2011-01-18 02:28 . 2005-11-03 11:00 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-01-18 02:28 . 2005-11-03 11:00 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-01-18 02:28 . 2005-11-03 11:00 110080 ------w- c:\windows\system32\pxinsi64.exe
    2011-01-06 08:17 . 2011-01-06 08:17 -------- d-----w- c:\documents and settings\A L\Application Data\GRETECH
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\snap
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\sample
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\rom
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\nvram
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\memcard
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\inp
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\image
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\hi
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\diff
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\artwork

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2005-08-16 10:18 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ------- Sigcheck -------

    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-22 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-21 156784]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
    "c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
    "c:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"=
    "c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2010 1:46 AM 160640]
    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2010 1:46 AM 5248]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/25/2010 11:34 PM 691696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/21/2011 9:27 AM 135336]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2011 9:18 PM 363344]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/5/2010 10:47 PM 91456]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2011 9:17 PM 20952]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin --> c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp:///
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{823cf514-7815-4788-9db4-e6c7bdf6f4de} - pabipihe.dll
    BHO-{f1edefe8-2c04-5f83-78a5-7d9bbc727d8e} - c:\windows\ifuhocozisijih.dll
    SharedTaskScheduler-{00932a9f-83e7-4273-aca6-72e0fe3f9f96} - c:\windows\system32\foweriyo.dll
    SharedTaskScheduler-{f00da279-ae5a-4ba6-8b1e-63f13e65f444} - (no file)
    SharedTaskScheduler-{a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
    SharedTaskScheduler-{00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
    SSODL-kozafohew-{a6d261b7-e2cf-4a87-9de9-5f96df1fe2b2} - c:\windows\system32\bekoduya.dll
    SSODL-sevehuyot-{00e0cad2-9479-4ba7-8aaf-bf317c78ab5a} - c:\windows\system32\huzivewe.dll
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 11:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcdrom]
    "ImagePath"="\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ôw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2708)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Motorola\MotoConnectService\MotoConnect.exe
    c:\windows\system32\mdm.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-22 11:11:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-22 19:11

    Pre-Run: 51,114,590,208 bytes free
    Post-Run: 51,415,265,280 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - E646E80157B13FD87A5D7007C14F3D77
  7. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    We need to double check your MBR.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  8. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...

    I downloaded Bootkit Remover from your link, extracted it, and ran it. Here is the output from it:


    BOOTKIT REMOVER


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
    Boot sector MD5 is: 75152e63358aab67ac253ae2f28ef97a

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
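The "Unknown boot code" line is the tool saying that the bootstrap bytes in sector 0 do not match anything it recognises. As an added example (not eSage Lab's code; the matching rule is assumed to be a hash allowlist, and the disk layout, partition sizes and "clean" boot code are constructed), the Python below shows how such a verdict is reached on a 512-byte MBR and how the reported volume offset 0x036e8e00 follows from the partition table (0x036e8e00 bytes / 512 = LBA 112455, on the second partition, which matches boot.ini's partition(2)).

```python
"""Triage a 512-byte MBR the way the Bootkit Remover output above is read.
Added example, not eSage Lab's code; its matching logic is assumed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the per-disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIG_OFF = 510            # 0x55 0xAA boot signature

# Constructed stand-in for clean bootstrap code (no real x86 code here).
STANDARD_CODE = b"constructed clean MBR code".ljust(BOOT_CODE_LEN, b"\x90")
KNOWN_GOOD = {hashlib.md5(STANDARD_CODE).hexdigest()}   # assumed allowlist


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble an MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, type_id, start, count) in enumerate(partitions):
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, count
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, type_id, start, count)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Return dicts for the non-empty partition entries, with byte offsets."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id:
            parts.append({"index": i + 1, "bootable": status == 0x80,
                          "type": type_id, "start_lba": start,
                          "byte_offset": start * SECTOR, "sectors": count})
    return parts


def classify(mbr: bytes, known_good=KNOWN_GOOD) -> dict:
    """Hash only the bootstrap region (not the disk signature or partition
    table, which differ per machine) and compare with the allowlist."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    code_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        status = "Invalid boot signature"
    elif code_md5 in known_good:
        status = "OK"
    else:
        status = "Unknown boot code"
    return {"sector_md5": hashlib.md5(mbr).hexdigest(),   # what the tool prints
            "code_md5": code_md5, "status": status,
            "partitions": parse_partitions(mbr)}


# Constructed layout in the shape this thread implies: a small utility partition,
# then the Windows partition (boot.ini's partition(2)) starting where the tool
# reported C: (0x036e8e00 bytes = LBA 112455).  0xDE = Dell utility, 0x07 = NTFS.
LAYOUT = [(False, 0xDE, 63, 112392), (True, 0x07, 112455, 312_000_000)]
CLEAN_MBR = build_mbr(STANDARD_CODE, LAYOUT)
# One byte patched inside the bootstrap region: same partitions, different code hash.
TAMPERED_MBR = CLEAN_MBR[:10] + b"\xe9" + CLEAN_MBR[11:]
```

The partition table of a tampered MBR usually still parses cleanly, which is why the verdict has to come from the code region rather than from the disk looking bootable.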
  9. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    We need to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
  10. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    My computer is actually a DELL XPS 400.

    I didn't see your note (at the bottom of your post) about that earlier so I accidentally went ahead with your instructions but didn't get all the way through...perhaps a good thing. Here's what happened:

    1) I downloaded NTBR from your link and opened it.

    2) I placed the blank CD and ran BurnItCD.cmd

    NOTE: The burn failed at 16x write speed so I had to reburn it on a new CD at 1x.

    3) I rebooted the computer, set CD-Rom as the first boot device, and booted the CD.

    4) I pressed ENTER, then it went to the warning screen:

    naohdfear's Tiny Bootable Repair CD
    with MBR and boot.ini tools
    WARNING! The tools available on this disc can leave your system unbootable and/or data inaccessible if used improperly. Be sure you know what you're doing or follow instructions exactly as given if being helped. Press any key to continue . . .


    ...but then it halted at that point and pressing any key didn't continue in any way.

    I rebooted and tried the disc in my other CD drive to no avail. I rebooted the computer normally and burned a new CD at 8x speed but it also halted.

    Now, I realize the more important thing was to let you know that I have a DELL. So, maybe it was good that I couldn't go through the process but at least now you know I did run into a problem with the process.

    What would you suggest next?
  11. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    We'll leave MBR for now....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
    
    Folder::
    c:\program files\AVG
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  12. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...

    1) I copied and saved the script as CFScript.txt

    2) I disabled my AV (Avira, Malwarebytes) and dragged CFScript.txt onto ComboFix

    NOTE: When ComboFix started, it asked if I wanted to update it and I picked Yes.

    After reboot, here is the ComboFix log:


    COMBOFIX


    ComboFix 11-01-22.02 - A L 01/22/2011 20:45:23.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1517 [GMT -8:00]
    Running from: c:\documents and settings\A L\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\A L\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\AVG
    c:\program files\AVG\AVG9\force_restart.txt

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .

    2011-01-22 01:14 . 2011-01-22 01:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
    2011-01-21 17:36 . 2011-01-21 17:36 -------- d-----w- c:\documents and settings\A L\Application Data\Avira
    2011-01-21 17:27 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-21 17:27 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-21 17:27 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-01-21 17:27 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\program files\Avira
    2011-01-21 17:27 . 2011-01-21 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\dllcache\chsbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
    2011-01-20 11:37 . 2004-08-10 11:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
    2011-01-20 11:37 . 2004-08-10 11:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
    2011-01-20 11:37 . 2004-08-10 11:00 10096640 ----a-w- c:\windows\system32\dllcache\hwxcht.dll
    2011-01-20 05:33 . 2011-01-20 05:33 -------- d-----w- c:\documents and settings\A L\Application Data\Malwarebytes
    2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-01-20 05:18 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 05:18 . 2011-01-20 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-20 05:17 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 05:17 . 2011-01-20 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 05:15 . 2011-01-20 05:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-01-20 03:26 . 2011-01-20 03:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-01-19 16:19 . 2011-01-19 16:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-01-19 03:40 . 2011-01-19 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-01-18 07:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-01-18 04:48 . 2011-01-18 04:48 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-01-18 04:47 . 2011-01-18 04:48 -------- d-----w- C:\1b83767d15ac5b981e43347c
    2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- C:\3f6cdbb3449a1ae57417e5c66f145759
    2011-01-18 04:46 . 2011-01-18 04:47 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- c:\windows\system32\LogFiles
    2011-01-18 04:46 . 2011-01-18 04:46 -------- d-----w- C:\205ebe4aa73d14f925
    2011-01-18 03:35 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
    2011-01-18 03:34 . 2011-01-21 16:49 -------- d-----w- c:\program files\FreeCDRipper
    2011-01-18 02:28 . 2005-11-15 09:00 109056 ------w- c:\windows\system32\pxcpyi64.exe
    2011-01-18 02:28 . 2005-11-03 11:00 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-01-18 02:28 . 2005-11-03 11:00 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-01-18 02:28 . 2005-11-03 11:00 110080 ------w- c:\windows\system32\pxinsi64.exe
    2011-01-06 08:17 . 2011-01-06 08:17 -------- d-----w- c:\documents and settings\A L\Application Data\GRETECH
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\snap
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\sample
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\rom
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\nvram
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\memcard
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\inp
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\image
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\hi
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\diff
    2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\artwork

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2005-08-16 10:18 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2005-08-16 10:18 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-22 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-21 156784]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
    "c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
    "c:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"=
    "c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2010 1:46 AM 160640]
    R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2010 1:46 AM 5248]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/25/2010 11:34 PM 691696]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/21/2011 9:27 AM 135336]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/19/2011 9:18 PM 363344]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/5/2010 10:47 PM 91456]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/19/2011 9:17 PM 20952]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin --> c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp:///
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 20:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcdrom]
    "ImagePath"="\??\c:\documents and settings\A L\Desktop\TS-H492C_CI06.bin"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ôw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    Completion time: 2011-01-22 20:55:29
    ComboFix-quarantined-files.txt 2011-01-23 04:55
    ComboFix2.txt 2011-01-22 19:11

    Pre-Run: 51,341,725,696 bytes free
    Post-Run: 51,385,217,024 bytes free

    - - End Of File - - EBE66F789E2B4B50B596EF3FD05AD352
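To confirm that a CFScript actually did what it asked (the Folder:: and FCopy:: lines from the previous post checked against the "Other Deletions" and "FCopy" sections of this log) and to give the "Files Created" list a first pass, here is an added Python example. It is not ComboFix's code; the log excerpt is constructed from lines in this thread, and the triage rules are review heuristics chosen for this example, not ComboFix's verdicts.

```python
"""Check a CFScript against the ComboFix.txt it produced, then triage new files. Added example."""
import re

# Constructed CFScript in the thread's format: FCopy:: (src | dst), Folder::, Registry::.
CFSCRIPT = r"""FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Folder::
c:\program files\AVG

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
"""

# Constructed excerpt shaped like the ComboFix.txt that script produced.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AVG
c:\program files\AVG\AVG9\force_restart.txt
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
2011-01-21 17:27 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-20 05:15 . 2011-01-20 05:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-18 04:47 . 2011-01-18 04:48 -------- d-----w- C:\1b83767d15ac5b981e43347c
2011-01-02 09:07 . 2011-01-02 09:07 -------- d-----w- c:\documents and settings\A L\snap
"""

SECTION_RE = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})$")   # section banners
ENTRY_RE = re.compile(  # created . modified size|-------- attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{16,}$", re.I)
KNOWN_IE_CACHE = {"privacie", "ietldcache"}   # IE8 per-user folders, hidden+system by design

def split_sections(log: str) -> dict:
    """Map each ComboFix section banner to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def section(sections: dict, prefix: str) -> list:
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])

def parse_cfscript(text: str) -> dict:
    """Group CFScript lines under their 'Name::' directive."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            directives[current] = []
        elif current and line:
            directives[current].append(line)
    return directives

def verify_script(directives: dict, sections: dict) -> list:
    """Return the script actions the log does not confirm (Registry:: edits
    are not echoed in this log, so they are not checked here)."""
    problems = []
    deleted = {x.lower() for x in section(sections, "Other Deletions")}
    for folder in directives.get("Folder", []):
        if folder.lower() not in deleted:
            problems.append(f"Folder not deleted: {folder}")
    copied = {x.lower() for x in section(sections, "FCopy")}
    for pair in directives.get("FCopy", []):
        src, dst = (p.strip() for p in pair.split("|", 1))
        if f"{src} --> {dst}".lower() not in copied:
            problems.append(f"FCopy not applied: {pair}")
    return problems

def triage_files_created(sections: dict) -> list:
    """Review flags for the 'Files Created' section: hints for a human, not verdicts."""
    findings = []
    for line in section(sections, "Files Created"):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)     # attrs use DOS-style letters d/s/h/a/w
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        is_dir = "d" in attrs
        if "s" in attrs and "h" in attrs and name not in KNOWN_IE_CACHE:
            findings.append((path, "hidden+system"))
        if "\\system32\\drivers\\" in low and not is_dir:
            findings.append((path, "new kernel driver"))
        if is_dir and low.count("\\") == 1 and HEX_NAME.match(name):
            findings.append((path, "hex-named folder at drive root"))
    return findings
```

On this excerpt the script verifies cleanly, and the triage flags the new Avira driver and the hex-named root folder for a look (both have benign explanations here, which is the point of flagging rather than judging).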
  13. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Good job :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Hi. My computer seems to be doing much better than before. I can access my USB flash drive again, that's good. Not getting pop-ups. And the computer's attempts to access "malicious websites" seem to be much less frequent now. So I did what you said:

    1) I downloaded OTL, closed all windows, and ran it

    2) I checked SCAN ALL USERS and pasted your text under CUSTOM SCAN and ran a QUICK SCAN

    Here are the logs for OTL and Extras (I'm splitting OTL in half because it is over the 50,000 post limit):


    OTL


    OTL Extras logfile created on: 1/22/2011 11:17:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\A L\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 47.87 Gb Free Space | 33.17% Space Free | Partition Type: NTFS

    Computer Name: D4SMZ191 | User Name: A L | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" = C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe:*:Enabled:MediaDetect -- (Corel, Inc.)
    "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe" = C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe:*:Enabled:mim -- (Musicmatch, Inc.)
  15. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    OTL (cont'd)



    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AE1F1599-1496-4402-B5E4-B1F68C6854CD}" = Rose Online 1.0.254.123
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
    "{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "ASIO4ALL" = ASIO4ALL
    "ATI Display Driver" = ATI Display Driver
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "DivX Setup.divx.com" = DivX Setup
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ESPNMotion" = ESPNMotion
    "FastStone Image Viewer" = FastStone Image Viewer 4.0
    "FL Studio 9" = FL Studio 9
    "GOM Player" = GOM Player
    "Google Desktop" = Google Desktop
    "ie8" = Windows Internet Explorer 8
    "IL Download Manager" = IL Download Manager
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MsJavaVM" = Microsoft VM for Java
    "PoiZone" = PoiZone
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "RPG Maker 95+ (Translated by Don Miguel)" = RPG Maker 95+ (Translated by Don Miguel)
    "Sakura" = Sakura
    "Sawer" = Sawer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Toxic Biohazard" = Toxic Biohazard
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/21/2011 9:50:41 PM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 1/21/2011 10:49:01 PM | Computer Name = D4SMZ191 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 1/21/2011 10:49:02 PM | Computer Name = D4SMZ191 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 1/22/2011 12:00:08 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 1/22/2011 12:00:13 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1001
    Description = Fault bucket 1271752061.

    Error - 1/22/2011 4:58:24 AM | Computer Name = D4SMZ191 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 1/22/2011 5:22:02 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/22/2011 5:22:06 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 1/22/2011 5:22:53 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/22/2011 5:22:55 AM | Computer Name = D4SMZ191 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 1/22/2011 8:18:29 PM | Computer Name = D4SMZ191 | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom1, has a bad block.

    Error - 1/22/2011 8:18:39 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:18:48 PM | Computer Name = D4SMZ191 | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom1, has a bad block.

    Error - 1/22/2011 8:18:58 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:19:08 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:19:19 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:19:30 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:19:45 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:19:56 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/22/2011 8:20:07 PM | Computer Name = D4SMZ191 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.


    < End of report >
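The uninstall list is the other part of Extras.txt worth reading closely here: the poster reports reinfection while using Internet Explorer, and the inventory includes several browser-reachable runtimes at old versions (Java 2 Runtime Environment 1.4.2_03, Adobe Reader 6.0.1, Microsoft VM for Java, and a Macromedia-era Flash Player entry with no version in its name). The script below, an added example that is not part of the thread or of OTL, parses the uninstall section and checks each entry against a watchlist. The watchlist, the version baselines (Java below 6, Adobe Reader below 9, Flash Player below 10) and the constructed sample lines are this example's assumptions; version parsing is best effort because display names are free text, so an entry that matches the watchlist but states no version is reported for a manual check rather than silently passed.

```python
"""Triage an OTL Extras.txt uninstall list for legacy, browser-reachable runtimes.

Added example, not part of the thread or of OTL. The watchlist and the version
baselines are assumptions made for this example; adjust them to your own policy.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in OTL's layout; the entries mirror the shapes seen in the log.
SAMPLE = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"MsJavaVM" = Microsoft VM for Java
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =

========== Last 10 Event Log Errors ==========
'''

# (label, display-name pattern, lowest major version that is NOT flagged).
# A baseline of None flags any install. These baselines are this example's
# assumption, not a statement from the thread.
WATCHLIST: List[Tuple[str, re.Pattern, Optional[int]]] = [
    ("Java runtime", re.compile(r"\bJava\b.*\bRuntime\b|\bJ2SE\b|Java\(TM\)", re.I), 6),
    ("Adobe Reader", re.compile(r"\bAdobe (Acrobat - )?Reader\b", re.I), 9),
    ("Flash Player", re.compile(r"\bFlash Player\b", re.I), 10),
    ("Microsoft VM for Java", re.compile(r"\bMicrosoft VM for Java\b", re.I), None),
]

_ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')
_DOTTED = re.compile(r"(\d+)\.\d+(?:\.\d+)*")   # "v1.4.2_03", "6.0.1"
_BARE = re.compile(r"\b(\d+)\b")                # "Flash Player 10 ActiveX"


def parse_uninstall_list(text: str) -> Dict[str, str]:
    """Map uninstall key -> display name for the HKLM Uninstall section."""
    entries: Dict[str, str] = {}
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\CurrentVersion\\Uninstall]"):
            inside = True
            continue
        if inside and (line.startswith("[") or line.startswith("==========")):
            inside = False          # next registry key or next OTL section
        if not inside or not line:
            continue
        m = _ENTRY.match(line)
        if m:
            entries[m.group("key")] = m.group("name").strip()
    return entries


def major_version(name: str) -> Optional[int]:
    """Best-effort major version from a display name; None if it states none."""
    m = _DOTTED.search(name) or _BARE.search(name)
    return int(m.group(1)) if m else None


def triage_uninstall(text: str) -> List[Tuple[str, str, str]]:
    """Return (entry, label, reason) for installs worth a closer look."""
    findings: List[Tuple[str, str, str]] = []
    for key, name in parse_uninstall_list(text).items():
        if not name:
            findings.append((key, "unnamed entry", "uninstall key with no display name"))
            continue
        for label, pattern, baseline in WATCHLIST:
            if not pattern.search(name):
                continue
            major = major_version(name)
            if baseline is None:
                findings.append((name, label, "on the watchlist regardless of version"))
            elif major is None:
                findings.append((name, label, "no version in the entry; check it by hand"))
            elif major < baseline:
                findings.append((name, label,
                                 f"major version {major} is below the assumed baseline {baseline}"))
            break   # one watchlist row per entry is enough
    return findings


if __name__ == "__main__":
    for entry, label, reason in triage_uninstall(SAMPLE):
        print(f"{label:22} {entry:45} {reason}")
```

On the constructed sample the Java 1.4.2, Adobe Reader 6.0.1, version-less Macromedia Flash Player and Microsoft VM for Java entries are reported, Flash Player 10 passes the assumed baseline, and the key with an empty display name (the log above has one of those too) is listed for a manual look. Feed it the whole Extras.txt and it stops at the next `==========` header on its own.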
  16. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Good news :)

    Does it still happen sometimes? I need more details.

    You posted Extras.txt twice.
    I still need the OTL.txt log.
  17. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Hi. The "malicious website" thing seems to happen very sporadically (sometimes once, twice, three times within an hour, sometimes zero times during an hour) and it shows up as a balloon pop up from the windows taskbar saying:

    "(!) Malwarebytes' Anti-Malware
    Successfully blocked access to a potentially malicious website: 125.45.109.166"


    I've also gotten one saying website 221.192.199.49. I'm not sure if it's the same numbers every time, and I'm not sure if I'm doing anything to cause them, as they seem to pop up randomly.

    My apologies for the missing OTL log file (and I still need to split it into 2 posts because of length). Here it is:


    OTL


    OTL logfile created on: 1/22/2011 11:17:14 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\A L\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 47.87 Gb Free Space | 33.17% Space Free | Partition Type: NTFS

    Computer Name: D4SMZ191 | User Name: A L | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/21 20:12:55 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2005/09/19 05:42:06 | 001,159,168 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    PRC - [2005/09/15 07:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    PRC - [2005/09/08 17:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    PRC - [2005/08/31 09:06:18 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    PRC - [2005/06/17 05:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005/06/10 08:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/05/15 00:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
    PRC - [2005/03/22 22:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2004/04/07 10:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [1998/05/28 23:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/12/21 20:07:58 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2005/06/17 05:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2004/04/07 10:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
    SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/02/25 23:34:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005/12/21 20:12:58 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/17 10:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
    DRV - [2005/06/06 19:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
    DRV - [2005/05/25 20:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
    DRV - [2005/03/31 21:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/03/25 14:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
    DRV - [2005/01/10 22:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
    DRV - [2005/01/10 22:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
    DRV - [2004/12/05 23:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/05 23:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/05 23:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/05 23:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/05 23:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/05 23:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/05 23:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/05 23:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/05 23:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 01:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 09:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 09:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/06/16 01:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/06/10 06:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (usbcm)
    DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
    DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
    DRV - [2004/03/06 02:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/06 02:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/06 02:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:///
    IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
    IE - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/01/22 20:52:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
    O4 - HKLM..\Run: [CTRegRun] C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
    O4 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/22 23:13:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
    [2011/01/22 21:17:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/22 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/22 20:41:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/01/22 16:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\NTBR_CD
    [2011/01/22 10:46:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/22 10:42:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/22 10:42:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/22 10:42:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/22 10:42:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/22 10:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/22 10:41:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/22 10:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\software
    [2011/01/21 13:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Favorites
    [2011/01/21 09:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\Avira
    [2011/01/21 09:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/01/21 09:27:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/01/21 09:27:08 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/01/21 09:27:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/01/21 09:27:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/01/21 09:27:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/01/21 09:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/01/21 09:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/01/21 00:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2011/01/21 00:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/01/20 12:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/01/20 12:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/01/20 11:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/01/19 21:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\Malwarebytes
    [2011/01/19 21:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/01/19 21:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/19 21:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/01/19 21:17:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/01/19 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/19 21:13:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/01/19 08:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/01/18 19:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/01/18 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/01/17 23:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Shots
    [2011/01/17 20:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2011/01/17 20:47:42 | 000,000,000 | ---D | C] -- C:\1b83767d15ac5b981e43347c
    [2011/01/17 20:46:45 | 000,000,000 | ---D | C] -- C:\3f6cdbb3449a1ae57417e5c66f145759
    [2011/01/17 20:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/01/17 20:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/01/17 20:46:11 | 000,000,000 | ---D | C] -- C:\205ebe4aa73d14f925
    [2011/01/17 19:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCDRipper
    [2011/01/17 19:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\My Documents\Alcohol 120%
    [2011/01/17 11:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Valentine Cards
    [2011/01/09 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Dragon Quest - Yuusha Aberu Densetsu
    [2011/01/09 17:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Desktop\Dragon Quest - Dai no Daibouken
    [2011/01/06 00:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\Application Data\GRETECH
    [2011/01/06 00:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\snap
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\sample
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\rom
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\nvram
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\memcard
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\inp
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\image
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\hi
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\diff
    [2011/01/02 01:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A L\artwork
    [2010/05/05 17:48:34 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
    [2010/03/13 01:46:58 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
    [2010/03/13 01:46:58 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
  18. allclearhere

    OTL (cont'd)


    ========== Files - Modified Within 30 Days ==========

    [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
    [2011/01/22 22:39:33 | 000,004,324 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Amateur First Timers 380 Live Video Stream.htm
    [2011/01/22 20:52:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/22 20:41:09 | 004,159,369 | R--- | M] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
    [2011/01/22 16:44:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/22 16:44:08 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/22 15:51:54 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
    [2011/01/22 10:46:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/01/22 01:00:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/21 17:44:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/21 08:42:07 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/01/20 19:24:20 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/19 22:57:07 | 000,019,310 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\The_Town_2010_720p_BRRip_x264_[Team_QrG].6088453.TPB.torrent
    [2011/01/19 19:05:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qsetomizihawagur.dat
    [2011/01/19 00:01:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Odacimaf.bin
    [2011/01/18 20:19:34 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Media Center.lnk
    [2011/01/18 16:27:26 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\A L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/18 07:29:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/01/17 23:05:57 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/01/17 23:05:56 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Windows Media Player.lnk
    [2011/01/17 23:05:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/17 22:28:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/01/17 22:28:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/01/17 20:47:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/01/17 20:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/01/16 17:54:21 | 000,014,510 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Whispering Corridors 2 - Memento Mori.torrent
    [2011/01/06 12:16:05 | 000,056,635 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\[TNTVillage.org]Yeogo+goedam+-+Whispering+corridors.torrent
    [2011/01/06 02:50:34 | 000,018,084 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\WHISPERING_CORRIDORS_Title01_2.avi.5101514.TPB.torrent
    [2011/01/05 21:00:41 | 000,012,325 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\The.Girl.Who.Leapt.Through.Time.2006.720p.BluRay.x264-THORA.5730566.TPB.torrent
    [2011/01/04 20:42:05 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\Google Translate.url
    [2011/01/02 01:07:27 | 000,017,499 | ---- | M] () -- C:\Documents and Settings\A L\advmame.rc
    [2010/12/29 17:28:12 | 000,404,288 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\12-29-10_1714.jpg
    [2010/12/24 22:28:47 | 003,966,125 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\LackeyCCGBetaWin.zip

    ========== Files Created - No Company Name ==========

    [2011/01/22 21:16:08 | 000,004,324 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\Amateur First Timers 380 Live Video Stream.htm
    [2011/01/22 15:51:37 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
    [2011/01/22 10:46:48 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/01/22 10:46:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/22 10:42:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/22 10:42:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/22 10:42:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/22 10:42:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/22 10:42:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/22 10:39:07 | 004,159,369 | R--- | C] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
    [2011/01/21 17:34:40 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/21 08:42:06 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    [2011/01/21 08:42:06 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2011/01/21 08:42:06 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    [2011/01/20 03:37:22 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
    [2011/01/20 03:37:21 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
    [2011/01/20 03:37:21 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/01/20 03:37:21 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
    [2011/01/20 03:37:16 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
    [2011/01/20 03:37:16 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
    [2011/01/20 03:37:16 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
    [2011/01/20 03:37:16 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
    [2011/01/20 03:37:16 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
    [2011/01/20 03:37:16 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
    [2011/01/20 03:37:16 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
    [2011/01/20 03:37:16 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
    [2011/01/20 03:37:16 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
    [2011/01/20 03:37:16 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
    [2011/01/20 03:37:16 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
    [2011/01/20 03:37:16 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
    [2011/01/20 03:37:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
    [2011/01/20 03:37:15 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
    [2011/01/20 03:37:15 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
    [2011/01/19 22:57:07 | 000,019,310 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\The_Town_2010_720p_BRRip_x264_[Team_QrG].6088453.TPB.torrent
    [2011/01/18 19:41:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/17 23:06:44 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2011/01/17 20:46:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/01/17 19:35:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2011/01/16 17:54:23 | 000,014,510 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\Whispering Corridors 2 - Memento Mori.torrent
    [2011/01/06 12:16:05 | 000,056,635 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\[TNTVillage.org]Yeogo+goedam+-+Whispering+corridors.torrent
    [2011/01/06 02:50:34 | 000,018,084 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\WHISPERING_CORRIDORS_Title01_2.avi.5101514.TPB.torrent
    [2011/01/05 21:00:41 | 000,012,325 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\The.Girl.Who.Leapt.Through.Time.2006.720p.BluRay.x264-THORA.5730566.TPB.torrent
    [2011/01/02 01:07:27 | 000,017,499 | ---- | C] () -- C:\Documents and Settings\A L\advmame.rc
    [2010/12/29 17:28:12 | 000,404,288 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\12-29-10_1714.jpg
    [2010/12/24 22:27:44 | 003,966,125 | ---- | C] () -- C:\Documents and Settings\A L\Desktop\LackeyCCGBetaWin.zip
    [2010/08/16 19:13:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/08/16 19:13:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/06/27 02:17:22 | 000,357,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/05 17:48:34 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
    [2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
    [2010/03/14 20:19:17 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/03/14 20:19:06 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/02/25 23:34:50 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
    [2010/01/08 02:18:07 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\A L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/08 22:56:47 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\PFP120JPR.{PB
    [2009/10/08 22:56:47 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\A L\Application Data\PFP120JCM.{PB
    [2005/12/21 20:25:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/21 20:14:25 | 000,004,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/21 20:08:23 | 000,005,811 | R--- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2005/12/21 19:46:14 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
    [2005/12/21 19:46:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/12/21 19:44:52 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
    [1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
    [1998/04/23 23:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

    ========== LOP Check ==========

    [2010/03/13 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\DAEMON Tools Lite
    [2010/02/25 23:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\DAEMON Tools Pro
    [2010/05/15 17:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\fltk.org
    [2010/04/15 06:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Leadertech
    [2010/04/03 02:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Mael
    [2011/01/21 00:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\uTorrent
    [2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
    [2010/08/19 19:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/03/13 00:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/02/25 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/22 00:12:18 | 000,000,000 | ---- | M] () -- C:\asoutput.log
    [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/21 08:42:07 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/01/22 10:46:48 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/22 20:55:30 | 000,013,634 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/04/03 02:08:37 | 009,970,817 | ---- | M] () -- C:\DEFAULT.TLE
    [2005/12/21 19:50:26 | 000,006,827 | RH-- | M] () -- C:\dell.sdr
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/01/22 16:44:08 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/15 13:48:42 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/22 17:21:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/22 16:44:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2005/12/21 20:13:16 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/01/22 01:28:10 | 000,052,080 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_22.01.2011_01.26.45_log.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 02:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/06/09 09:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
    [2010/02/22 17:26:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/13 20:38:44 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 02:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\A L\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/22 20:41:09 | 004,159,369 | R--- | M] () -- C:\Documents and Settings\A L\Desktop\ComboFix.exe
    [2010/09/26 20:44:43 | 007,958,521 | ---- | M] (James Garner ) -- C:\Documents and Settings\A L\Desktop\Install49.exe
    [2011/01/22 15:51:54 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\A L\Desktop\NTBR_CD.exe
    [2011/01/22 23:13:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A L\Desktop\OTL.exe
    [2007/05/05 14:56:00 | 000,028,672 | ---- | M] (Doug Knox) -- C:\Documents and Settings\A L\Desktop\XP_CD-DVD-Fix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/13 20:38:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\A L\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/11 00:02:42 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\A L\Cookies\desktop.ini
    [2011/01/22 23:16:20 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\A L\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 23:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 23:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 23:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 23:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 23:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 23:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 23:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/07/25 12:22:46 | 000,000,214 | ---- | M] ()(C:\Documents and Settings\A L\Desktop\YouTube - ?THE HIGH LOWS? - ????????????.url) -- C:\Documents and Settings\A L\Desktop\YouTube - ↑THE HIGH LOWS↓ - 夏の朝にキャッチボールを.url
    [2010/02/09 07:32:05 | 000,000,214 | ---- | C] ()(C:\Documents and Settings\A L\Desktop\YouTube - ?THE HIGH LOWS? - ????????????.url) -- C:\Documents and Settings\A L\Desktop\YouTube - ↑THE HIGH LOWS↓ - 夏の朝にキャッチボールを.url

    < End of report >
  19. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    I just wanted to add that I've had at least 5 of those "malicious website" attempts so far today (2 more from that address 125.45.109.166). Even while I'm not doing anything on the computer (though I am connected to the internet).

    Also, under the web address at the bottom of the Malwarebytes' Anti-Malware balloon, it reads:

    Type: incoming
  20. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Those messages may simply mean that your MBAM is working, but we'll keep checking.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      [2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
      [2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
      [2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
      [2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
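    The OTL fix above singles out two entries from the earlier file listing: DLLs under System32 with hidden/system attributes, a zero or near-zero size, and no publisher string in the `()` field. The following is an added example (not OTL's code, not part of this thread) that parses OTL's `[timestamp | size | attrs | M/C] (company) -- path` lines and surfaces entries matching that pattern. The "no publisher + hidden/system + DLL in System32" rule is an assumption made for illustration, not a rule OTL or Broni states, and the sample lines are constructed in the same format as the report above.

```python
"""Parse OTL file-listing lines and flag hidden/system DLLs in System32
that carry no publisher name.  Added example, not OTL's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL "Files" entry looks like:
# [2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
# fields: timestamp | comma-grouped size | attrs in R/H/S/D positions | M(odified) or C(reated)
# The "(company)" group is absent on directory entries ("---D").
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| "
    r"(?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "M" = modified time shown, "C" = created time shown
    company: str    # publisher from the version resource, "" when none
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def parse_report(text: str) -> List[Entry]:
    """Parse every recognisable file line in an OTL report section."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def suspicious(entries: List[Entry]) -> List[str]:
    """Heuristic (an assumption for this example, not an OTL rule): a DLL
    under System32 marked hidden or system with no publisher string.
    Microsoft's own System32 DLLs carry a company name and are not hidden."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        if (not e.directory and low.endswith(".dll")
                and "\\system32\\" in low
                and (e.hidden or e.system)
                and e.company == ""):
            flagged.append(e.path)
    return flagged


# Constructed sample in the OTL report format (same shape as the listing above).
SAMPLE = r"""
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/01/22 16:44:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
[2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
[2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
"""

if __name__ == "__main__":
    for p in suspicious(parse_report(SAMPLE)):
        print("review:", p)
```

    Hidden-attribute files in the root of C: (IO.SYS, pagefile.sys) are deliberately not flagged: the rule is scoped to DLLs in System32, where a missing publisher on a hidden file is the unusual combination, not the attributes alone.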
  21. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Just a note...I've noticed ever since these problems came up, every time I try to download something (including these programs), the address bar on Internet Explorer briefly says "http://redirectingat.com/..." It never used to do that before. Is that something I should be concerned about?

    Ok...So...

    1) I downloaded Java (it gave me VER 6 UPDATE 23) and installed it (it didn't prompt me for any add-ons/toolbar/software, etc.)

    2) I unchecked Java Quick Starter under Control Panel just to be safe and then restarted the computer

    3) I downloaded JavaRa, ran it, and picked Remove Older Versions (let me know if you want the JavaRa log)

    4) I ran OTL and pasted your text under the Custom Scans/Fixes box

    5) I picked RUN FIX

    NOTE: midway through the RUN FIX I got an error window saying "Access violation at address 005CC7ED in module 'OTL.exe'. Read of address 00000000."

    I clicked OK. It was halted there so I clicked on RUN FIX again and it finished the rest of the list and rebooted with a log.

    Do you still want me to continue with the rest of the scans?


    OTL RUN FIX


    All processes killed
    Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.> in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)> in the current context!
    Error: Unable to interpret <O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)> in the current context!
    Error: Unable to interpret <O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)> in the current context!
    Error: Unable to interpret <[2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll> in the current context!
    Error: Unable to interpret <[2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll> in the current context!
    Error: Unable to interpret <[2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint> in the current context!
    Error: Unable to interpret <[2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: A L
    ->Temp folder emptied: 10275018 bytes
    ->Temporary Internet Files folder emptied: 117311029 bytes
    ->Java cache emptied: 1900 bytes
    ->Flash cache emptied: 5411 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 1212550 bytes
    ->Flash cache emptied: 6048 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 41553 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 123.00 mb


    [EMPTYFLASH]

    User: A L
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.4 log created on 01232011_145735

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  22. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    You didn't copy the whole OTL script.
    Most likely, you missed a "colon" in front of "OTL" (1st line).
    Please, redo.
  23. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...I tried copying, pasting, and running OTL 2 more times. I keep getting the same error.

    Here's what the text looks like when I copy it from your post. Is there something missing?


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-1609724981-4002481501-578937507-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    [2010/04/09 14:30:49 | 000,000,181 | -HS- | C] () -- C:\WINDOWS\System32\dubipoja.dll
    [2010/01/09 14:30:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\disovibu.dll
    [2009/09/26 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A L\Application Data\Viewpoint
    [2005/12/21 20:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  24. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    OK, we can leave it for now.
    It's a minor issue. Nothing malicious there.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  25. allclearhere

    allclearhere Newcomer, in training Topic Starter Posts: 19

    Ok...

    1) I downloaded Security Check and ran it

    Here is the log for Checkup.txt:


    CHECKUP


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Microsoft VM for Java
    Java(TM) 6 Update 23
    Java 2 Runtime Environment, SE v1.4.2_03
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 6.0.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````