Inactive I think I have another virus :(

MTilson

Posts: 93   +0
I can't run the preliminary 5 steps because the computer is acting Wonky!

If I try to access the internet and try to enter a website address and click in the box, the line (cursor) travels across the bar. If I enter a website address anyway, it adds a lot of spaces (because it is traveling) and takes you to a search page, but it takes you to the bottom portion of the page, and if you try to scroll up it flickers and brings you back to the bottom of the page.

Any ideas?

Thanks!!
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Any suggestions on how I would go about doing that since I can't properly access any web pages or address bar?
 
Use the computer you're posting from and a USB flash drive to transfer tools to the bad computer.
 
Well, I can't actually "Setup" on my computer because when it gets to the point where it says it will install in "this" location unless you would like it installed somewhere else and then gives you the Browse button, the cursor travels across that bar, so it won't complete the install. So I tried to place the complete program on the computer, and when I try to perform the Quick Scan I get:
Run-time error '13':
Type mismatch
 
Are you talking about MBAM?

Remember, I'm not there so I can't see what you're referring to.
 
I got GMER onto the system and it appeared to run, but I'm not sure if it completed its scan. It did not appear to produce a log.
 
I have a favor to ask. The computer I was using for the process (that was not infected) is now having problems. Can we continue with that computer and then go back to the original one?
 
I switched out the keyboard and am now able to run the programs. MBAM ran for more than 11 hours and then I aborted the scan. It did produce a log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mona Only :: TILSON-CC301A79 [administrator]

3/18/2012 6:21:32 PM
mbam-log-2012-03-18 (18-21-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 14680638
Time elapsed: 11 hour(s), 55 minute(s), 15 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Do you want me to try running it again?
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-19 19:31:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viamraid1Port4Path0Target0Lun0 Maxtor_6 rev.BACE
Running: 4220i8ug.exe; Driver: C:\Users\MONAON~1\LOCALS~1\Temp\pfncikow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Mona Only at 19:35:47 on 2012-03-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2237 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=%SystemRoot%\System32\ultlogonui.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [CPN Notifier] c:\program files\cake poker 2.0\PokerNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\users\monaon~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FF70B19D-A2F0-4EA7-8A1A-19106E0D926A} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mona only\application data\mozilla\firefox\profiles\act5fan8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-17 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-1 583640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-12-3 821592]
S3 gwiopm;gwiopm;\??\c:\program files\unknown device identifier\gwiopm.sys --> c:\program files\unknown device identifier\gwiopm.sys [?]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2010-6-10 201504]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2012-1-28 246816]
.
=============== Created Last 30 ================
.
2012-03-19 01:20:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 01:20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-04 20:55:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-04 20:55:12 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-02-20 00:47:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-20 00:47:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 17:01:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 16:54:47 1869056 ------w- c:\windows\system32\_000005_.tmp.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:36:32.35 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2009 8:33:37 PM
System Uptime: 3/18/2012 5:39:46 PM (26 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5VD2-X
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3011/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 190 GiB total, 143.023 GiB free.
D: is FIXED (NTFS) - 190 GiB total, 189.831 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_LH-20A1L__________________BL02____\6&11FB6FEF&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW LH-20A1L
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_LH-20A1L__________________BL02____\6&11FB6FEF&0&0.1.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1632____________________AS20____\5&5CEE38F&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1632
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1632____________________AS20____\5&5CEE38F&0&0.0.0
Service: cdrom
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP575: 12/21/2011 6:20:42 AM - System Checkpoint
RP576: 12/22/2011 6:46:27 AM - System Checkpoint
RP577: 12/23/2011 7:14:06 AM - System Checkpoint
RP578: 12/24/2011 7:28:01 AM - System Checkpoint
RP579: 12/24/2011 1:39:28 PM - No Virus/0 Hidden Objects/10 Warnings
RP580: 12/25/2011 10:52:40 AM - No Virus/0 Hidden Objects/12 Warnings
RP581: 12/25/2011 5:50:57 PM - Restore Operation
RP582: 12/26/2011 9:36:59 AM - No Virurs/0 Hidden Objects/10 Warnings
RP583: 12/28/2011 5:46:06 PM - System Checkpoint
RP584: 12/29/2011 1:42:35 PM - No Virus/No Hidden Objects/10 Warnings
RP585: 12/31/2011 11:54:22 AM - System Checkpoint
RP586: 12/31/2011 3:47:22 PM - No Virus/No Hidden Objects/10 Warnings
RP587: 1/1/2012 11:38:08 AM - No Virus/No Hidden Objects/10 Warnings
RP588: 1/2/2012 11:00:06 AM - No Virus/No Hidden Objects/12 Warnings
RP589: 1/2/2012 11:03:54 AM - Software Distribution Service 3.0
RP590: 1/3/2012 6:27:04 PM - System Checkpoint
RP591: 1/5/2012 6:50:26 AM - System Checkpoint
RP592: 1/6/2012 7:13:11 AM - System Checkpoint
RP593: 1/7/2012 9:39:04 AM - System Checkpoint
RP594: 1/7/2012 11:32:45 AM - No Virus/No Hidden Objects/14 Warnings
RP595: 1/8/2012 8:21:51 PM - System Checkpoint
RP596: 1/10/2012 6:40:04 AM - System Checkpoint
RP597: 1/11/2012 6:00:20 AM - Software Distribution Service 3.0
RP598: 1/12/2012 6:49:18 AM - System Checkpoint
RP599: 1/13/2012 7:20:22 AM - System Checkpoint
RP600: 1/14/2012 8:19:54 AM - System Checkpoint
RP601: 1/15/2012 9:23:45 AM - System Checkpoint
RP602: 1/15/2012 10:23:30 AM - No Virus/No Hidden Objects/14 Warnings
RP603: 1/16/2012 10:50:52 AM - No Virus/No Hidden Objects/14 Warnings
RP604: 1/18/2012 6:25:24 AM - System Checkpoint
RP605: 1/19/2012 6:35:11 AM - System Checkpoint
RP606: 1/20/2012 6:41:33 AM - System Checkpoint
RP607: 1/21/2012 12:16:57 PM - System Checkpoint
RP608: 1/22/2012 9:19:18 AM - No Virus/No Hidden Objects/17 Warnings
RP609: 1/24/2012 6:53:51 AM - System Checkpoint
RP610: 1/25/2012 7:20:36 AM - System Checkpoint
RP611: 1/25/2012 9:23:05 PM - Software Distribution Service 3.0
RP612: 1/26/2012 9:55:13 PM - System Checkpoint
RP613: 1/28/2012 6:20:49 AM - System Checkpoint
RP614: 1/28/2012 10:03:00 AM - no virus/no hidden objects/14 warnings
RP615: 1/29/2012 10:49:48 AM - System Checkpoint
RP616: 1/29/2012 10:54:58 AM - no virus/no hidden objects/14 warnings
RP617: 1/30/2012 11:20:49 AM - System Checkpoint
RP618: 2/1/2012 6:44:17 AM - System Checkpoint
RP619: 2/2/2012 6:48:47 AM - System Checkpoint
RP620: 2/3/2012 6:50:26 AM - System Checkpoint
RP621: 2/4/2012 9:45:08 AM - no v/ no h.o./ 14 warnings
RP622: 2/5/2012 9:36:09 AM - No Virus/No Hidden Objects/14 Warnings
RP623: 2/7/2012 6:40:54 AM - System Checkpoint
RP624: 2/8/2012 7:17:44 AM - System Checkpoint
RP625: 2/8/2012 7:45:43 AM - no V/no HO/14 W
RP626: 2/9/2012 8:17:36 AM - System Checkpoint
RP627: 2/11/2012 10:11:23 AM - System Checkpoint
RP628: 2/11/2012 11:17:04 AM - no v/ no h.o./14 wa
RP629: 2/17/2012 7:22:45 PM - Software Distribution Service 3.0
RP630: 2/19/2012 9:19:45 AM - System Checkpoint
RP631: 2/19/2012 10:18:21 AM - No Virus/No Hidden Objects/14 Warnings
RP632: 2/19/2012 4:47:03 PM - Removed Java(TM) 6 Update 13
RP633: 2/19/2012 4:47:29 PM - Installed Java(TM) 6 Update 31
RP634: 2/19/2012 4:52:42 PM - Software Distribution Service 3.0
RP635: 2/19/2012 4:58:32 PM - Software Distribution Service 3.0
RP636: 2/20/2012 5:00:48 PM - System Checkpoint
RP637: 2/21/2012 5:15:56 PM - System Checkpoint
RP638: 2/22/2012 6:30:22 PM - System Checkpoint
RP639: 2/24/2012 6:52:58 AM - System Checkpoint
RP640: 2/25/2012 8:09:37 AM - System Checkpoint
RP641: 2/26/2012 8:24:05 AM - System Checkpoint
RP642: 2/27/2012 12:44:46 PM - System Checkpoint
RP643: 2/28/2012 10:02:03 PM - System Checkpoint
RP644: 3/1/2012 10:16:30 PM - System Checkpoint
RP645: 3/3/2012 7:43:43 AM - No Virus/No Hidden Objects/14 Warnings
RP646: 3/4/2012 12:27:00 PM - Restore Operation
RP647: 3/4/2012 12:54:22 PM - Restore Operation
RP648: 3/19/2012 3:03:51 AM - System Checkpoint
RP649: 3/19/2012 6:00:16 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
PPA Calculator version 2.0.0.225
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Alky for Applications (Windows XP)
Amazon Kindle For PC v1.0
Amazon MP3 Uploader
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Display Driver
Avira Free Antivirus
Bodog Poker
Bonjour
Cake Poker 2.0
CCleaner
CDisplay 1.8
ClubWPT
ClueFinders(R) 6th Grade Adventures
Comcast Desktop Software (v1.2.0.9)
Coupon Printer for Windows
Deskcalc Pro
Desktop Doctor
Dragon NaturallySpeaking 8
Driver Robot
File Extension Finder
Gadget Installer
Gimp 2.6.2 Debug
Google Talk Plugin
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2003
Hoyle Card Games 2003
Hoyle Casino 2007
Hoyle Demo
Hoyle Table Games 2004
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
I.R.I.S. OCR
IObit Malware Fighter
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Junk Mail filter update
Luvin Poker
Mabinogi
Malwarebytes Anti-Malware version 1.60.1.1000
MapleStory
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
MobileMe Control Panel
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Next Generation Visualisations
O Dream Board
OpenOffice.org 3.3
Performance Platform Voguecash
Players Only
Poker4ever
PokerStars
Protected Folder
Quicken 2011
Ralink Wireless LAN
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SpadeClub Poker
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.5
Stamps.com
SUPERAntiSpyware
swMSM
TBS WMP Plug-in
The ClueFinders 4th Grade Adventures
The Sims™ 2 Double Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/18/2012 5:43:04 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
3/18/2012 5:43:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMF Service service to connect.
3/18/2012 5:43:04 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
3/18/2012 5:43:04 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
3/18/2012 5:43:04 PM, error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 5:42:49 PM, error: ati2mtag [45062] - CRT invalid display type
3/18/2012 5:42:39 PM, error: Workstation [5727] - Could not load RDR device driver.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

-============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 20:03:44
-----------------------------
20:03:44.136 OS Version: Windows 5.1.2600 Service Pack 3
20:03:44.136 Number of processors: 2 586 0x602
20:03:44.136 ComputerName: TILSON-CC301A79 UserName: Mona Only
20:03:44.871 Initialize success
20:05:44.433 AVAST engine defs: 12031700
20:07:00.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port4Path0Target0Lun0
20:07:00.543 Disk 0 Vendor: Maxtor_6 BACE Size: 194481MB BusType: 8
20:07:00.543 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port4Path0Target2Lun0
20:07:00.558 Disk 1 Vendor: Maxtor_6 VA11 Size: 194481MB BusType: 8
20:07:00.558 Disk 0 MBR read successfully
20:07:00.558 Disk 0 MBR scan
20:07:00.605 Disk 0 Windows XP default MBR code
20:07:00.605 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 194466 MB offset 63
20:07:00.636 Disk 0 scanning sectors +398267415
20:07:00.683 Disk 0 scanning C:\WINDOWS\system32\drivers
20:07:11.261 Service scanning
20:07:11.855 Service .InCDPass \* **LOCKED** 123
20:07:30.886 Modules scanning
20:08:01.183 Disk 0 trace - called modules:
20:08:01.214 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS viamraid.sys
20:08:01.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b093ab8]
20:08:01.214 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8b0d3920]
20:08:01.214 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port4Path0Target0Lun0[0x8aff9a38]
20:08:01.871 AVAST engine scan C:\WINDOWS
20:08:09.386 AVAST engine scan C:\WINDOWS\system32
20:12:08.121 AVAST engine scan C:\WINDOWS\system32\drivers
20:12:44.824 AVAST engine scan C:\Users\Mona Only
20:31:45.199 AVAST engine scan C:\Users\All Users
20:36:43.902 Scan finished successfully
20:44:19.511 Disk 0 MBR has been saved successfully to "C:\Users\Mona Only\Desktop\MBR.dat"
20:44:19.511 The log file has been saved successfully to "C:\Users\Mona Only\Desktop\aswMBR.txt"
 