[Not curable - Ramnit] Win32/zbot virus removal help

bungeye · Apr 11, 2011

Hello,

I have the win32/zbot virus on my computer, and am requesting help with cleaning my computer. I have followed the instructions on your forum and have performed the various tests. Please see below the reports.

I am not a computer expert although I would not call myself a beginner either, so I apologise in advance if I struggle to answer any questions or if the information is incorrect. Any help is greatly appreciated!

MBAM log -

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6333

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

11/04/2011 17:46:42
mbam-log-2011-04-11 (17-46-42).txt

Scan type: Quick scan
Objects scanned: 156035
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-11 18:51:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.CD
Running: jnd3hwwz.exe; Driver: C:\Users\Jeremy\AppData\Local\Temp\fxdiqpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeremy at 18:57:52.93 on 11/04/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3581.1655 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jeremy\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [googletalk] c:\users\jeremy\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jeremy\appdata\roaming\microsoft\windows\start menu\programs\startup\wvviitys.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-18 214664]
R1 RapportCerberus_25641;RapportCerberus_25641;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\25641\RapportCerberus_25641.sys [2011-4-9 56888]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-14 73728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-30 517448]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-11-12 7680]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-2-23 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-2-23 104960]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-3-15 209408]
.
=============== Created Last 30 ================
.
2011-04-11 15:41:08 -------- d-----w- c:\users\jeremy\appdata\roaming\Malwarebytes
2011-04-11 15:41:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 15:41:00 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-11 15:40:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 15:40:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-11 12:19:58 137731 --s---w- c:\users\jeremy\appdata\roaming\microsoft\windows\start menu\programs\startup\wvviitys.exe
2011-04-01 21:11:05 -------- d-----w- c:\program files\iPod
2011-04-01 21:11:03 -------- d-----w- c:\program files\iTunes
2011-04-01 21:03:49 -------- d-----w- c:\program files\Bonjour
2011-03-31 21:20:29 -------- d-----w- c:\users\jeremy\appdata\roaming\AVG
2011-03-22 19:54:08 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:54:08 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 19:54:08 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-02-18 14:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 18:58:18.28 ===============

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 14/03/2008 16:21:26
System Uptime: 11/04/2011 17:50:40 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 10.759 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.5 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP623: 11/04/2011 09:53:48 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
1-abc.net Cleaning Box (Remove only)
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 2011
Bonjour
Browser Address Error Redirector
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DirectVobSub (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
DVD Decrypter (Remove Only)
EASEUS Deleted File Recovery 2.1.1
Fingerprint Reader Suite 5.6
Full Tilt Poker
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GSpot Codec Information Appliance
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
Intel® Matrix Storage Manager
Internet From BT
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
mMHouse
MobileMe Control Panel
mPfMgr
mWMI
Nokia Connectivity Cable Driver
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PokerStars
Quest for Glory II
QuickSet
QuickTime
Rapport
Real Alternative 2.0.0
RealPlayer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.1
Spelling Dictionaries Support For Adobe Reader 8
Spotify
Subtitles Plugin for RealPlayer 2005.03.21
The Ur-Quan Masters 0.6.2
Tiscali Internet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.6
Vodafone Mobile Connect Lite
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR archiver
YouSendIt Express
.
==== End Of File ===========================

Broni · Apr 11, 2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

bungeye · Apr 12, 2011

Thanks Broni,

Here is the MBR check report.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1530
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 169):
0x84414000 \SystemRoot\system32\ntkrnlpa.exe
0x847CE000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80792000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807A0000 \SystemRoot\system32\drivers\pciide.sys
0x807A7000 \SystemRoot\System32\drivers\mountmgr.sys
0x84A01000 \SystemRoot\system32\drivers\iastorv.sys
0x84AA1000 \SystemRoot\system32\drivers\iastor.sys
0x84B7B000 \SystemRoot\system32\drivers\atapi.sys
0x84B83000 \SystemRoot\system32\drivers\ataport.SYS
0x84BA1000 \SystemRoot\system32\drivers\fltmgr.sys
0x84BD3000 \SystemRoot\system32\drivers\fileinfo.sys
0x84BE3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x85409000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8547A000 \SystemRoot\system32\drivers\ndis.sys
0x85585000 \SystemRoot\system32\drivers\msrpc.sys
0x855B0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8560A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8571A000 \SystemRoot\system32\drivers\volsnap.sys
0x85753000 \SystemRoot\System32\Drivers\spldr.sys
0x8575B000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x85769000 \SystemRoot\System32\Drivers\USBD.SYS
0x8576B000 \SystemRoot\System32\Drivers\mup.sys
0x8577A000 \SystemRoot\System32\drivers\ecache.sys
0x857A1000 \SystemRoot\system32\drivers\disk.sys
0x857B2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x857D3000 \SystemRoot\system32\drivers\crcdisk.sys
0x857DC000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x857E1000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x920E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x920F4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x920FD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9260A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92D37000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92DD7000 \SystemRoot\System32\drivers\watchdog.sys
0x92DE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9210C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92DEE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9214A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92E08000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x93009000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x93238000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x93248000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x93256000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x93270000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x9327F000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x93293000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x932E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x932F7000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x93323000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9332E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93339000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x93351000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x93357000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9335B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x93364000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x93393000 \SystemRoot\system32\DRIVERS\storport.sys
0x933D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x933DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92E54000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92E5F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92E82000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92E91000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92EA5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92EBA000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92EC6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x933F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92ED6000 \SystemRoot\system32\DRIVERS\ks.sys
0x92F00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92F0A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92F17000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92F4C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92F5D000 \SystemRoot\system32\drivers\stwrt.sys
0x92FB2000 \SystemRoot\system32\drivers\portcls.sys
0x921D7000 \SystemRoot\system32\drivers\drmk.sys
0x92FDF000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x93000000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x933F8000 \SystemRoot\System32\Drivers\Null.SYS
0x92FEB000 \SystemRoot\System32\Drivers\Beep.SYS
0x92E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92FF2000 \SystemRoot\System32\drivers\vga.sys
0x807B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92000000 \SystemRoot\system32\drivers\rdpencdd.sys
0x855EB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x84BEC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x857F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x93803000 \SystemRoot\System32\drivers\tcpip.sys
0x938ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x93908000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9391F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93935000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x9396F000 \SystemRoot\system32\DRIVERS\smb.sys
0x93983000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x93985000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x939CD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93C08000 \SystemRoot\system32\drivers\afd.sys
0x93C50000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93C66000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93C74000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x93C87000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93CC3000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x93CEC000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys
0x93CF9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93D03000 \SystemRoot\system32\drivers\mfehidk.sys
0x93D36000 \SystemRoot\System32\Drivers\dfsc.sys
0x93D4D000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x93D89000 \SystemRoot\System32\Drivers\tcusb.sys
0x93D93000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9460D000 \SystemRoot\System32\Drivers\bthport.sys
0x9468D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x946B6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x946C0000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x946DA000 \SystemRoot\system32\drivers\btwavdt.sys
0x94740000 \SystemRoot\system32\drivers\btwaudio.sys
0x947BB000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x947BE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x947CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x947D7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x947E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x947E8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92008000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9CAC0000 \SystemRoot\System32\win32k.sys
0x947F5000 \SystemRoot\System32\drivers\Dxapi.sys
0x93DA0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CCE0000 \SystemRoot\System32\TSDDD.dll
0x9CD00000 \SystemRoot\System32\cdd.dll
0x93DAF000 \SystemRoot\system32\drivers\luafv.sys
0x83E01000 \SystemRoot\system32\drivers\spsys.sys
0x83EB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x83EC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x83EEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x83EF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x83F08000 \SystemRoot\system32\drivers\HTTP.sys
0x83F75000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x83F92000 \SystemRoot\system32\DRIVERS\bowser.sys
0x83FAB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x83FC0000 \SystemRoot\system32\drivers\mrxdav.sys
0x83FE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x805BE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93DCA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x807D8000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3200000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3266000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA3271000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA3299000 \SystemRoot\system32\drivers\peauth.sys
0xA3377000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3381000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA338D000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA3397000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA33BF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77B90000 \Windows\System32\ntdll.dll

Processes (total 84):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
508 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
764 csrss.exe
828 C:\Windows\System32\wininit.exe
840 csrss.exe
872 C:\Windows\System32\services.exe
888 C:\Windows\System32\lsass.exe
900 C:\Windows\System32\lsm.exe
1072 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\nvvsvc.exe
1144 C:\Windows\System32\svchost.exe
1244 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1256 C:\Windows\System32\winlogon.exe
1392 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\audiodg.exe
1532 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\SLsvc.exe
1604 C:\Windows\System32\svchost.exe
1708 C:\Windows\System32\rundll32.exe
1848 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
1876 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\spoolsv.exe
1812 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\AEstSrv.exe
788 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
948 C:\Program Files\AVG\AVG10\avgwdsvc.exe
880 C:\Program Files\Bonjour\mDNSResponder.exe
1064 C:\Windows\System32\svchost.exe
1804 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2308 C:\Program Files\AVG\AVG10\avgnsx.exe
2516 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2576 C:\Windows\System32\svchost.exe
2644 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2720 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2740 C:\Windows\System32\stacsv.exe
2928 C:\Windows\System32\svchost.exe
2996 C:\Windows\System32\svchost.exe
3020 C:\Windows\System32\SearchIndexer.exe
3352 C:\Windows\explorer.exe
3360 C:\Windows\System32\dwm.exe
3568 C:\Program Files\DellTPad\Apoint.exe
3576 C:\Windows\OEM02Mon.exe
3596 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3604 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
3620 C:\Windows\System32\rundll32.exe
3628 C:\Windows\System32\rundll32.exe
3636 C:\Program Files\AVG\AVG10\avgtray.exe
3644 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3652 C:\Program Files\iTunes\iTunesHelper.exe
3676 C:\Windows\System32\taskeng.exe
3716 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
3788 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3928 C:\Windows\System32\taskeng.exe
3008 C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe
2596 C:\Windows\ehome\ehtray.exe
3200 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
784 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3016 C:\Windows\ehome\ehmsas.exe
3464 C:\Program Files\Dell\QuickSet\quickset.exe
4068 WmiPrvSE.exe
1220 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
4204 C:\Program Files\DellTPad\ApMsgFwd.exe
4424 C:\Program Files\DellTPad\hidfind.exe
4480 C:\Program Files\DellTPad\ApntEx.exe
4608 WmiPrvSE.exe
4744 C:\Program Files\Internet Explorer\iexplore.exe
5084 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
5360 C:\Program Files\Internet Explorer\iexplore.exe
5540 C:\Program Files\iPod\bin\iPodService.exe
5596 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5940 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
4384 C:\Program Files\Internet Explorer\iexplore.exe
3036 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
4476 C:\Windows\System32\svchost.exe
1512 C:\Program Files\Internet Explorer\iexplore.exe
3564 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
2788 C:\Program Files\AVG\AVG10\avgcsrvx.exe
1576 dllhost.exe
4604 dllhost.exe
4844 C:\Users\Jeremy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

bungeye · Apr 12, 2011

Combofix report:

ComboFix 11-04-11.02 - Jeremy 12/04/2011 11:05:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3581.2402 [GMT 2:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\restoration\Restoration.exe
c:\users\Jeremy\AppData\Roaming\inst.exe
c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvviitys.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 09:15 . 2011-04-12 09:19 -------- d-----w- c:\users\Jeremy\AppData\Local\temp
2011-04-12 09:15 . 2011-04-12 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 15:41 . 2011-04-12 08:52 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes
2011-04-01 21:11 . 2011-04-01 21:11 -------- d-----w- c:\program files\iPod
2011-04-01 21:11 . 2011-04-01 21:12 -------- d-----w- c:\program files\iTunes
2011-04-01 21:03 . 2011-04-01 21:03 -------- d-----w- c:\program files\Bonjour
2011-03-31 21:20 . 2011-03-31 22:10 -------- d-----w- c:\users\Jeremy\AppData\Roaming\AVG
2011-03-22 19:54 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 19:54 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 19:54 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-20 16:37 . 2011-02-10 22:33 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 22:33 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 22:33 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 22:33 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 22:33 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 22:33 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 22:33 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 22:33 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 22:33 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 22:33 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 22:33 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 22:33 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 22:33 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 22:33 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 22:33 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 22:33 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 22:33 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 22:33 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 22:33 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 22:33 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 22:33 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 22:33 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 22:33 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 22:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 22:33 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"googletalk"="c:\users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-29 22:47 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 01:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-02-04 22:38 323392 ----a-w- c:\users\Jeremy\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 09:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 13:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 15:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-16 22:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-08-25 20:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 7680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 110080]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 104960]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 RapportCerberus_25641;RapportCerberus_25641;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys [2011-04-09 56888]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-03 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:23]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:23]
.
2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{31B4A8E8-B6B6-4FBB-9C0C-CBA894CD497B}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,91,83,75,40,e4,3d,42,ab,fa,73,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,91,83,75,40,e4,3d,42,ab,fa,73,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3392)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
.
**************************************************************************
.
Completion time: 2011-04-12 11:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 09:26
.
Pre-Run: 13,593,780,224 bytes free
Post-Run: 13,093,621,760 bytes free
.
- - End Of File - - 6CAA056C5941960BDF723E6C64C322C0

Broni · Apr 12, 2011

Combofix log looks good now.

How is computer doing?

You can reinstall AVG now.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

bungeye · Apr 12, 2011

Thanks, my computer is working well. AVG scan came up with nothing also...

OTL report is too big so i will post it in two replies if that is okay.

First half here:

OTL logfile created on: 12/04/2011 17:41:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jeremy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 11.57 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.50 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
Drive F: | 148.79 Gb Total Space | 134.33 Gb Free Space | 90.28% Space Free | Partition Type: FAT32

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/03/09 10:16:18 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011/02/28 16:10:20 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/04 00:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/04 00:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/05/21 11:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/04 00:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/12/03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/12/03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 10:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 10:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 10:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/07 10:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/08/28 07:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
MOD - [2010/10/04 00:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/04 00:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/11/04 00:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - [2011/04/09 08:22:05 | 000,056,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys -- (RapportCerberus_25641)
DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/10/04 00:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/04 00:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/11/12 02:50:48 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/11/12 02:50:48 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/11/12 02:50:48 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/06/09 08:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/12/03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007/09/07 10:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 08:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 08:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 08:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 07:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 07:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/25 22:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/12 11:41:37 | 000,000,000 | ---D | M]

[2009/02/08 17:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2009/02/08 17:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/04/12 11:17:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000..\Run: [googletalk] C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/03/24 11:43:58 | 000,045,056 | R--- | M] () - D:\AutoUpdate.dll -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

bungeye · Apr 12, 2011

second half of OTL report:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/12 17:38:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/04/12 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/04/12 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/04/12 11:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/04/12 11:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/12 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/12 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/12 11:26:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/12 11:26:07 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
[2011/04/12 11:17:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/04/12 11:01:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/12 11:01:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/12 11:01:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/12 11:01:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/12 11:00:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/12 11:00:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/12 10:38:35 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
[2011/04/11 17:41:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
[2011/04/11 17:39:31 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 15:33:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
[2011/04/01 23:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/01 23:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/01 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/01 23:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/31 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\AVG
[2011/03/30 17:16:52 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2011/03/21 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Skifahren Golm
[2009/06/21 16:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jeremy\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/04/12 17:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/04/12 17:24:19 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/12 17:23:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 17:23:31 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/12 17:23:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 17:23:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/12 17:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/12 17:22:40 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 17:18:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/12 14:47:29 | 000,237,056 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 11:50:06 | 112,233,269 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/12 11:41:41 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/12 11:17:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/12 10:38:45 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
[2011/04/12 10:18:15 | 004,318,978 | R--- | M] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/04/12 10:12:26 | 000,080,384 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
[2011/04/12 00:38:34 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job
[2011/04/11 19:01:07 | 000,001,889 | ---- | M] () -- C:\Users\Jeremy\Desktop\Attach.rar
[2011/04/11 18:53:20 | 000,625,664 | ---- | M] () -- C:\Users\Jeremy\Desktop\dds.scr
[2011/04/11 17:47:29 | 000,301,568 | ---- | M] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
[2011/04/11 17:39:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 17:17:13 | 000,057,915 | ---- | M] () -- C:\Users\Jeremy\Desktop\4716-malwarebytes-anti-malware.htm
[2011/04/11 15:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
[2011/04/11 15:27:14 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/04/11 14:10:43 | 000,009,620 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2011/04/06 22:49:59 | 012,866,943 | ---- | M] () -- C:\Users\Jeremy\Desktop\Social Studies (Plastic Plates Remix.mp3
[2011/04/01 23:12:08 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/31 23:31:09 | 003,480,346 | ---- | M] () -- C:\Users\Jeremy\Desktop\Rasmus-Folk-Pavel.mp3
[2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2011/03/29 20:46:03 | 000,005,660 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/03/29 17:53:29 | 014,337,425 | ---- | M] () -- C:\Users\Jeremy\Desktop\Black Cat.mp3
[2011/03/20 07:01:24 | 007,951,368 | ---- | M] () -- C:\Users\Jeremy\Desktop\02 Earthy Powers.mp3

========== Files Created - No Company Name ==========

[2011/04/12 11:41:41 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/12 11:01:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/12 11:01:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/12 11:01:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/12 11:01:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/12 11:01:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/12 10:18:07 | 004,318,978 | R--- | C] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/04/12 10:12:24 | 000,080,384 | ---- | C] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
[2011/04/11 19:00:11 | 000,001,889 | ---- | C] () -- C:\Users\Jeremy\Desktop\Attach.rar
[2011/04/11 18:53:18 | 000,625,664 | ---- | C] () -- C:\Users\Jeremy\Desktop\dds.scr
[2011/04/11 17:47:27 | 000,301,568 | ---- | C] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
[2011/04/11 17:16:59 | 000,057,915 | ---- | C] () -- C:\Users\Jeremy\Desktop\4716-malwarebytes-anti-malware.htm
[2011/04/11 15:27:14 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/04/06 22:52:54 | 012,866,943 | ---- | C] () -- C:\Users\Jeremy\Desktop\Social Studies (Plastic Plates Remix.mp3
[2011/04/06 22:43:55 | 014,337,425 | ---- | C] () -- C:\Users\Jeremy\Desktop\Black Cat.mp3
[2011/04/06 22:41:20 | 007,951,368 | ---- | C] () -- C:\Users\Jeremy\Desktop\02 Earthy Powers.mp3
[2011/04/06 22:36:04 | 003,480,346 | ---- | C] () -- C:\Users\Jeremy\Desktop\Rasmus-Folk-Pavel.mp3
[2011/04/01 23:12:08 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 20:46:03 | 000,005,660 | ---- | C] () -- C:\WirelessDiagLog.csv
[2011/03/23 21:26:11 | 004,395,521 | ---- | C] () -- C:\Users\Jeremy\Desktop\Double - The Captain of Her Heart.mp3
[2009/09/24 23:44:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 23:44:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 23:41:38 | 000,668,938 | ---- | C] () -- C:\Windows\unins000.exe
[2009/09/24 23:41:38 | 000,000,825 | ---- | C] () -- C:\Windows\unins000.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/21 16:23:59 | 000,001,044 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\vso_ts_preview.xml
[2009/06/21 16:04:19 | 000,007,887 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\pcouffin.cat
[2009/06/21 16:04:18 | 000,001,144 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\pcouffin.inf
[2009/04/17 01:16:31 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/17 01:16:18 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/24 13:50:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/21 01:03:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/12 02:51:04 | 000,135,882 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/08/20 04:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/07/26 10:15:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/24 00:24:24 | 000,009,620 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2008/04/12 10:23:45 | 000,000,844 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
[2008/03/20 23:13:57 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.001
[2008/03/19 00:52:18 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.dat
[2008/03/18 14:42:44 | 000,237,056 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 01:12:54 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/03/15 01:12:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/14 17:36:00 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/03/14 17:20:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/10 15:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,314,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,608,706 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,109,542 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005/10/14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/04/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/04/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2009/11/09 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Amazon
[2011/04/01 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG
[2011/04/12 11:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/04/11 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\BitTorrent
[2011/02/13 16:57:12 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DNA
[2010/11/07 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LimeWire
[2011/03/06 17:18:29 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Spotify
[2009/06/30 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\StarOffice8
[2008/04/12 10:23:47 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
[2010/02/07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Trusteer
[2010/06/27 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uqm
[2010/02/23 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Vodafone
[2010/06/28 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Vso
[2010/06/28 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\YouSendIt
[2011/04/12 17:18:39 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/04 00:08:02 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{31B4A8E8-B6B6-4FBB-9C0C-CBA894CD497B}.job
[2011/04/12 00:38:34 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/04/12 11:26:05 | 000,015,894 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/15 01:13:05 | 000,004,643 | RH-- | M] () -- C:\dell.sdr
[2011/04/12 17:22:40 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/07 14:50:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/07 14:50:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2011/04/12 17:22:38 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys
[2011/03/29 20:46:03 | 000,005,660 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2006/11/02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/25 09:34:00 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 09:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/06/21 11:46:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/03 23:48:07 | 000,000,636 | -HS- | M] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/12 10:38:45 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
[2011/04/12 10:18:15 | 004,318,978 | R--- | M] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2008/03/29 01:09:48 | 001,478,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Jeremy\Desktop\GenuineCheck.exe
[2010/02/03 23:24:13 | 042,461,120 | ---- | M] (Intel(R) Corporation) -- C:\Users\Jeremy\Desktop\ICS_s64.exe
[2011/04/11 17:47:29 | 000,301,568 | ---- | M] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
[2011/04/11 17:39:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/12 10:12:26 | 000,080,384 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
[2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/04/11 15:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
[2008/03/28 18:52:33 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Jeremy\Desktop\wmp11-windowsxp-x86-enu.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/09/28 21:38:14 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/09/28 21:37:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/09/28 21:37:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/09/28 21:37:44 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/02/23 07:08:51 | 000,000,402 | -HS- | M] () -- C:\Users\Jeremy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/20 04:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
[2008/11/12 02:51:04 | 000,135,882 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/04/12 17:24:19 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2007/08/13 11:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
[4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844

< End of report >

bungeye · Apr 12, 2011

Here is the extras report:

OTL Extras logfile created on: 12/04/2011 17:41:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jeremy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.43 Gb Total Space | 11.57 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.50 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
Drive F: | 148.79 Gb Total Space | 134.33 Gb Free Space | 90.28% Space Free | Partition Type: FAT32

Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1106E80F-BD26-4C8D-BDCD-E8ED172EC569}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{110BC466-79AE-43CC-BBB2-B689185CFCC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{146331BC-1DF4-4F3B-B3C5-2B1160E858BA}" = lport=138 | protocol=17 | dir=in | app=system |
"{45879AC5-D79B-4FAC-B58B-4A19B5BD7136}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5512E147-1B18-4D3B-BFA5-7BF2B0EDC92B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{608290D5-19AC-4A80-AFD2-770793F60EA5}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F76EECB-7ED3-4C16-90A6-05E5E235DFA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{82CAE90F-3CD4-4237-BA07-A20351D5679F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94338D91-6A38-40ED-85D7-5042FAA03CEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{989907CA-747B-4952-BBE7-C6661B92B38A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B29816E3-2AD5-4BE4-8B04-702468C48070}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF6AF120-6F65-4625-8E79-F7F1E704A8AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1F92AEE-DAB9-4D66-BC87-C0D6DD48D8EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{C27CC947-6321-435C-917D-28EEDEB5688A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5E78DE6-FCF4-4259-BDE1-A61A862673C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8433EDE-B6BD-442E-9363-E235DB140371}" = lport=139 | protocol=6 | dir=in | app=system |
"{F99EAD50-7767-4A81-AF43-8A0775E0D104}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBA4D0F5-A37C-4DAC-A430-78C959547883}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1141F058-18B0-4515-B1C8-EEC171A55DEF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{14432234-DD04-44AB-9F71-630895A84B93}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2D297F2D-0F55-4BDB-8C05-C964D58F01BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{34A5F4C0-B72D-4FBA-AFA6-DE08126F2407}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{34D48BD0-938C-46AF-B577-5C3CF9966F81}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{43557D2E-6D7B-42D2-B8C5-75E5E3BAD999}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{45D3E568-293A-4445-880F-FBB7449AFE96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{502AA3B5-6F36-4F9F-846F-2D09718EE379}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{61324FBA-ADE2-430C-978B-ACA856610BAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6AB02B13-D2A0-4FA9-B1DF-CD242C9105E4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{737F4738-B46A-4910-A145-CB9C237D9E32}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7F332BD2-9C27-4EBD-B473-D2529D92D105}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F87B009-23DD-481E-A804-1089D05830BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87827417-0DE4-419D-A013-4DAF0E16EBB1}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{94B8ED7F-CC9B-4712-A78A-DDFB15EE2D35}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9F199A32-7F02-4C0D-971D-A9C9A3F2C306}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AAAA8BF3-7FE6-4A85-9166-EC254DD3EDF7}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{ABBCDD64-D558-4FB2-A6CB-5AF36D806BD3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{B8BCCE2B-A188-4A45-B405-06CA4AE9E600}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{BC9254A9-B4C0-40F7-BD15-34B7D9B2A82A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{CCF02794-9596-4618-92E0-0B46E201EAE8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D991D444-FE4B-4552-BE06-53E1FFA246DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D9E93BCD-9552-4A5F-957C-0030898B4B8F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E686EAC2-B606-4F80-8F99-F864EFBC09CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E848FA89-05FC-483E-B37A-920BB5EEE574}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC99D254-1506-4D60-9B69-301A1673A34D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD045EE7-5FD8-4566-A02A-8ECC9F7A15CB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{49CB45AA-01FB-4CC1-84D0-3D4D86BAA7A5}C:\users\jeremy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
"TCP Query User{639AED9C-050B-48BA-863C-CCD401ED752E}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{778A7DFA-BA95-47F0-8591-26C0F854ED78}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{7CE21B2F-4112-4FF4-9166-3275799C056B}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
"TCP Query User{8DB4BB73-4904-4412-98C2-72C6FE9DA56F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B47D70D1-A60F-4D24-9780-8B45F89AE8B1}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B4A683C0-12BF-4BFB-8D55-2AC2B0653200}C:\users\jeremy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
"TCP Query User{BA2FF4CA-1B7C-4FBD-821E-22100D8E5EA5}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{BC5E2ED4-0839-40A9-B5DE-3B938E37F12E}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{C77995C5-854F-4231-A030-BF4DE92F30E6}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
"UDP Query User{1D3E6A92-F9F3-4551-9F9F-9026881D04FF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{228F22C3-C34D-4D3F-A74D-A1CD5D56630F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{342E5327-D098-42AE-A016-229D1E803010}C:\users\jeremy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
"UDP Query User{3651C557-DC93-4776-BEB8-A7BAFD34E393}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{ACF014B5-2C3F-4348-A02D-C001E499417B}C:\users\jeremy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
"UDP Query User{C060A752-97E0-4FA0-8E7C-626B51FC6726}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{C1822419-2013-413B-BE26-B9702D061E55}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{E873F6EE-67B4-41F0-83F6-5FAA2CC552A4}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
"UDP Query User{FACA8AFB-DD1E-43F1-9E5E-8BE9BA28C602}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FFD7989D-A04F-4754-866D-C9A930B78C99}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{865A8951-8D9A-46CB-84A2-3D67BA38B923}" = EASEUS Deleted File Recovery 2.1.1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"1-abc.net Cleaning Box" = 1-abc.net Cleaning Box (Remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AVG" = AVG 2011
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Desktop" = Google Desktop
"GSpot" = GSpot Codec Information Appliance
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"ProInst" = Intel(R) PROSet/Wireless Software
"Rapport_msi" = Rapport
"RealAlt_is1" = Real Alternative 2.0.0
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"Subtitles Plugin for RealPlayer_is1" = Subtitles Plugin for RealPlayer 2005.03.21
"The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
"VLC media player" = VLC media player 1.1.6
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent DNA" = DNA
"Quest for Glory II" = Quest for Glory II

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/12/2010 15:16:37 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 109575

Error - 26/12/2010 15:16:37 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 109575

Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 125175

Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 125175

Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 140776

Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 140776

Error - 26/12/2010 15:17:24 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 26/12/2010 15:17:24 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 156376

[ Media Center Events ]
Error - 16/04/2008 14:55:45 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 18/04/2008 08:46:57 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/05/2008 12:21:03 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 10/12/2008 19:15:27 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

Error - 14/12/2008 13:37:51 | Computer Name = Jeremy-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3C17917F. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 16/12/2008 20:04:51 | Computer Name = Jeremy-PC | Source = bowser | ID = 8003
Description =

Error - 21/12/2008 16:33:48 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

Error - 08/01/2009 01:02:26 | Computer Name = Jeremy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:59:48 on 08/01/2009 was unexpected.

Error - 08/01/2009 01:02:29 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

Error - 08/01/2009 09:17:49 | Computer Name = Jeremy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:15:19 on 08/01/2009 was unexpected.

Error - 08/01/2009 09:17:51 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

Error - 14/01/2009 18:38:14 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

Error - 15/01/2009 17:40:45 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
Description =

< End of report >

Broni · Apr 12, 2011

Good news

You have some McAfee leftovers.
Please, run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

====================================================================

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

bungeye · Apr 13, 2011

great! New OTL report:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:0F8F5844 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Jeremy
->Temp folder emptied: 13092718 bytes
->Java cache emptied: 3879 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9444 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 235724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1137750780 bytes

Total Files Cleaned = 1,098.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jeremy
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04132011_233734

Files\Folders moved on Reboot...
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF52EB.tmp not found!
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5307.tmp not found!
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF53F3.tmp not found!
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5425.tmp not found!
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5891.tmp not found!
File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF6040.tmp not found!

Registry entries deleted on Reboot...

bungeye · Apr 13, 2011

security check results:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Broni · Apr 13, 2011

Uninstall Java(TM) SE Runtime Environment 6 .

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

...and Eset...

bungeye · Apr 13, 2011

i tried to uninstall java se runtime environment 6 but a message came up saying:

the system adminstrator has set policies to prevent this installation

then it says i do not have sufficient access to uninstall Java SE runtime envinroment 6. please contact system administrator.

ESET is still running and it has found (so far) 25 infected files: win32/ramnit.A virus...

Broni · Apr 13, 2011

Ramnit is really bad news.
Let me see the log first, when you're done.

bungeye · Apr 14, 2011

ah, i want to swear...

okay, first a few questions. assuming i have to start from scratch, the only really important things i have are music files. can i copy these and start again or are they possibly compromised? second, i have an ipod - does this count as an 'external hardrive' - do i have to wipe this as well? (i ask because my backup doesnt have a lot of my new and most favourite music on it).

second, i am moving cities and might not be online for a few days or longer. can you please keep this post open indefinitely or for a week or 2? i will probably be back soon but i dont know as i am moving...

here is the log from ESET.

PS thank you for all of your help an patience. I appreciate your time and effort on this, it has been very helpful...

C:\Qoobox\Quarantine\C\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvviitys.exe.vir Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\26_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\29_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\41_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\42_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\45_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\46_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\49_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\50_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\58_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\59_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\weather_error.htm Win32/Ramnit.A virus
C:\Users\Jeremy\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110331232030461.rsc multiple threats

Broni · Apr 15, 2011

I'm afraid I have very bad news.

You're infected with Ramnit file infector virus.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

Understanding virus names

Threat aliases for Win32/Ramnit.A

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?

Where to draw the line? When to recommend a format and reinstall?

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Important Note:: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

TechSpot

[Not curable - Ramnit] Win32/zbot virus removal help

bungeye Newcomer, in training

Broni Malware Annihilator

bungeye Newcomer, in training

bungeye Newcomer, in training

Broni Malware Annihilator

bungeye Newcomer, in training

bungeye Newcomer, in training

bungeye Newcomer, in training

Broni Malware Annihilator

bungeye Newcomer, in training

bungeye Newcomer, in training

Broni Malware Annihilator

bungeye Newcomer, in training

Broni Malware Annihilator

bungeye Newcomer, in training

Broni Malware Annihilator