[Not curable - Ramnit] Win32/zbot virus removal help

By bungeye
Apr 11, 2011
Topic Status:
Not open for further replies.
  1. Hello,

    I have the win32/zbot virus on my computer, and am requesting help with cleaning my computer. I have followed the instructions on your forum and have performed the various tests. Please see below the reports.

    I am not a computer expert although I would not call myself a beginner either, so I apologise in advance if I struggle to answer any questions or if the information is incorrect. Any help is greatly appreciated!

    MBAM log -

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6333

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    11/04/2011 17:46:42
    mbam-log-2011-04-11 (17-46-42).txt

    Scan type: Quick scan
    Objects scanned: 156035
    Time elapsed: 4 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-11 18:51:06
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.CD
    Running: jnd3hwwz.exe; Driver: C:\Users\Jeremy\AppData\Local\Temp\fxdiqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    DDS Log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Jeremy at 18:57:52.93 on 11/04/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3581.1655 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\AVG\AVG10\avgui.exe
    C:\Program Files\AVG\AVG10\avgcfgex.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jeremy\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [googletalk] c:\users\jeremy\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\jeremy\appdata\roaming\microsoft\windows\start menu\programs\startup\wvviitys.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-18 214664]
    R1 RapportCerberus_25641;RapportCerberus_25641;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\25641\RapportCerberus_25641.sys [2011-4-9 56888]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-14 73728]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-30 517448]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-11-12 7680]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40552]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-2-23 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-2-23 104960]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-3-15 209408]
    .
    =============== Created Last 30 ================
    .
    2011-04-11 15:41:08 -------- d-----w- c:\users\jeremy\appdata\roaming\Malwarebytes
    2011-04-11 15:41:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-11 15:41:00 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-11 15:40:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-11 15:40:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-11 12:19:58 137731 --s---w- c:\users\jeremy\appdata\roaming\microsoft\windows\start menu\programs\startup\wvviitys.exe
    2011-04-01 21:11:05 -------- d-----w- c:\program files\iPod
    2011-04-01 21:11:03 -------- d-----w- c:\program files\iTunes
    2011-04-01 21:03:49 -------- d-----w- c:\program files\Bonjour
    2011-03-31 21:20:29 -------- d-----w- c:\users\jeremy\appdata\roaming\AVG
    2011-03-22 19:54:08 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 19:54:08 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 19:54:08 1068544 ----a-w- c:\windows\system32\DWrite.dll
    .
    ==================== Find3M ====================
    .
    2011-02-18 14:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    .
    ============= FINISH: 18:58:18.28 ===============

    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 14/03/2008 16:21:26
    System Uptime: 11/04/2011 17:50:40 (1 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 10.759 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.5 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP623: 11/04/2011 09:53:48 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    1-abc.net Cleaning Box (Remove only)
    AAC Decoder
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG 2011
    Bonjour
    Browser Address Error Redirector
    Codec Pack - All In 1 6.0.3.0
    Compatibility Pack for the 2007 Office system
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    DirectVobSub (remove only)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DNA
    DVD Decrypter (Remove Only)
    EASEUS Deleted File Recovery 2.1.1
    Fingerprint Reader Suite 5.6
    Full Tilt Poker
    Google Desktop
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GSpot Codec Information Appliance
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) PROSet/Wireless Software
    Intel® Matrix Storage Manager
    Internet From BT
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6
    Laptop Integrated Webcam Driver (1.03.02.0719)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware
    mCore
    MediaDirect
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MKV Splitter
    mMHouse
    MobileMe Control Panel
    mPfMgr
    mWMI
    Nokia Connectivity Cable Driver
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    PokerStars
    Quest for Glory II
    QuickSet
    QuickTime
    Rapport
    Real Alternative 2.0.0
    RealPlayer
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skype Toolbars
    Skype™ 5.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spotify
    Subtitles Plugin for RealPlayer 2005.03.21
    The Ur-Quan Masters 0.6.2
    Tiscali Internet
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    User's Guides
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.6
    Vodafone Mobile Connect Lite
    WIDCOMM Bluetooth Software 6.0.1.3100
    WinRAR archiver
    YouSendIt Express
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. bungeye

    bungeye Newcomer, in training Topic Starter

    Thanks Broni,

    Here is the MBR check report.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: XPS M1530
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 169):
    0x84414000 \SystemRoot\system32\ntkrnlpa.exe
    0x847CE000 \SystemRoot\system32\hal.dll
    0x8040D000 \SystemRoot\system32\kdcom.dll
    0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80484000 \SystemRoot\system32\PSHED.dll
    0x80495000 \SystemRoot\system32\BOOTVID.dll
    0x8049D000 \SystemRoot\system32\CLFS.SYS
    0x804DE000 \SystemRoot\system32\CI.dll
    0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80698000 \SystemRoot\system32\drivers\acpi.sys
    0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806EF000 \SystemRoot\system32\drivers\pci.sys
    0x80716000 \SystemRoot\System32\drivers\partmgr.sys
    0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80732000 \SystemRoot\system32\drivers\volmgr.sys
    0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8078B000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x80792000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x807A0000 \SystemRoot\system32\drivers\pciide.sys
    0x807A7000 \SystemRoot\System32\drivers\mountmgr.sys
    0x84A01000 \SystemRoot\system32\drivers\iastorv.sys
    0x84AA1000 \SystemRoot\system32\drivers\iastor.sys
    0x84B7B000 \SystemRoot\system32\drivers\atapi.sys
    0x84B83000 \SystemRoot\system32\drivers\ataport.SYS
    0x84BA1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x84BD3000 \SystemRoot\system32\drivers\fileinfo.sys
    0x84BE3000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x85409000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8547A000 \SystemRoot\system32\drivers\ndis.sys
    0x85585000 \SystemRoot\system32\drivers\msrpc.sys
    0x855B0000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8560A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8571A000 \SystemRoot\system32\drivers\volsnap.sys
    0x85753000 \SystemRoot\System32\Drivers\spldr.sys
    0x8575B000 \SystemRoot\System32\Drivers\RapportKELL.sys
    0x85769000 \SystemRoot\System32\Drivers\USBD.SYS
    0x8576B000 \SystemRoot\System32\Drivers\mup.sys
    0x8577A000 \SystemRoot\System32\drivers\ecache.sys
    0x857A1000 \SystemRoot\system32\drivers\disk.sys
    0x857B2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x857D3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x857DC000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x857E1000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x920E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x920F4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x920FD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x9260A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x92D37000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x92DD7000 \SystemRoot\System32\drivers\watchdog.sys
    0x92DE3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9210C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x92DEE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x9214A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x92E08000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x93009000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x93238000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x93248000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x93256000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x93270000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x9327F000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x93293000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x932E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x932F7000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x93323000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9332E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x93339000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x93351000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x93357000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x9335B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x93364000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x93393000 \SystemRoot\system32\DRIVERS\storport.sys
    0x933D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x933DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x92E54000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x92E5F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x92E82000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x92E91000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92EA5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x92EBA000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x92EC6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x933F6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92ED6000 \SystemRoot\system32\DRIVERS\ks.sys
    0x92F00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x92F0A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x92F17000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x92F4C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x92F5D000 \SystemRoot\system32\drivers\stwrt.sys
    0x92FB2000 \SystemRoot\system32\drivers\portcls.sys
    0x921D7000 \SystemRoot\system32\drivers\drmk.sys
    0x92FDF000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x93000000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x933F8000 \SystemRoot\System32\Drivers\Null.SYS
    0x92FEB000 \SystemRoot\System32\Drivers\Beep.SYS
    0x92E00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x92FF2000 \SystemRoot\System32\drivers\vga.sys
    0x807B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x92600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x92000000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x855EB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x84BEC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x857F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x93803000 \SystemRoot\System32\drivers\tcpip.sys
    0x938ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x93908000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9391F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x93935000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
    0x9396F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x93983000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
    0x93985000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x939CD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x93C08000 \SystemRoot\system32\drivers\afd.sys
    0x93C50000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x93C66000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x93C74000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x93C87000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x93CC3000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    0x93CEC000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys
    0x93CF9000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x93D03000 \SystemRoot\system32\drivers\mfehidk.sys
    0x93D36000 \SystemRoot\System32\Drivers\dfsc.sys
    0x93D4D000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x93D89000 \SystemRoot\System32\Drivers\tcusb.sys
    0x93D93000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x9460D000 \SystemRoot\System32\Drivers\bthport.sys
    0x9468D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x946B6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x946C0000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x946DA000 \SystemRoot\system32\drivers\btwavdt.sys
    0x94740000 \SystemRoot\system32\drivers\btwaudio.sys
    0x947BB000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x947BE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x947CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x947D7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x947E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x947E8000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92008000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9CAC0000 \SystemRoot\System32\win32k.sys
    0x947F5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93DA0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9CCE0000 \SystemRoot\System32\TSDDD.dll
    0x9CD00000 \SystemRoot\System32\cdd.dll
    0x93DAF000 \SystemRoot\system32\drivers\luafv.sys
    0x83E01000 \SystemRoot\system32\drivers\spsys.sys
    0x83EB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x83EC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x83EEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x83EF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x83F08000 \SystemRoot\system32\drivers\HTTP.sys
    0x83F75000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x83F92000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x83FAB000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x83FC0000 \SystemRoot\system32\drivers\mrxdav.sys
    0x83FE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x805BE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x93DCA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x807D8000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA3200000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA3266000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xA3271000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA3299000 \SystemRoot\system32\drivers\peauth.sys
    0xA3377000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA3381000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA338D000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xA3397000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xA33BF000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77B90000 \Windows\System32\ntdll.dll

    Processes (total 84):
    0 System Idle Process
    4 System
    476 C:\Windows\System32\smss.exe
    508 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    764 csrss.exe
    828 C:\Windows\System32\wininit.exe
    840 csrss.exe
    872 C:\Windows\System32\services.exe
    888 C:\Windows\System32\lsass.exe
    900 C:\Windows\System32\lsm.exe
    1072 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\nvvsvc.exe
    1144 C:\Windows\System32\svchost.exe
    1244 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    1256 C:\Windows\System32\winlogon.exe
    1392 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1432 C:\Windows\System32\svchost.exe
    1504 C:\Windows\System32\audiodg.exe
    1532 C:\Windows\System32\svchost.exe
    1560 C:\Windows\System32\SLsvc.exe
    1604 C:\Windows\System32\svchost.exe
    1708 C:\Windows\System32\rundll32.exe
    1848 C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    1876 C:\Windows\System32\svchost.exe
    1568 C:\Windows\System32\spoolsv.exe
    1812 C:\Windows\System32\svchost.exe
    740 C:\Windows\System32\AEstSrv.exe
    788 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    948 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    880 C:\Program Files\Bonjour\mDNSResponder.exe
    1064 C:\Windows\System32\svchost.exe
    1804 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    2308 C:\Program Files\AVG\AVG10\avgnsx.exe
    2516 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2576 C:\Windows\System32\svchost.exe
    2644 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2720 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    2740 C:\Windows\System32\stacsv.exe
    2928 C:\Windows\System32\svchost.exe
    2996 C:\Windows\System32\svchost.exe
    3020 C:\Windows\System32\SearchIndexer.exe
    3352 C:\Windows\explorer.exe
    3360 C:\Windows\System32\dwm.exe
    3568 C:\Program Files\DellTPad\Apoint.exe
    3576 C:\Windows\OEM02Mon.exe
    3596 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3604 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    3620 C:\Windows\System32\rundll32.exe
    3628 C:\Windows\System32\rundll32.exe
    3636 C:\Program Files\AVG\AVG10\avgtray.exe
    3644 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    3652 C:\Program Files\iTunes\iTunesHelper.exe
    3676 C:\Windows\System32\taskeng.exe
    3716 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    3788 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    3928 C:\Windows\System32\taskeng.exe
    3008 C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe
    2596 C:\Windows\ehome\ehtray.exe
    3200 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    784 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3016 C:\Windows\ehome\ehmsas.exe
    3464 C:\Program Files\Dell\QuickSet\quickset.exe
    4068 WmiPrvSE.exe
    1220 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    4204 C:\Program Files\DellTPad\ApMsgFwd.exe
    4424 C:\Program Files\DellTPad\hidfind.exe
    4480 C:\Program Files\DellTPad\ApntEx.exe
    4608 WmiPrvSE.exe
    4744 C:\Program Files\Internet Explorer\iexplore.exe
    5084 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    5360 C:\Program Files\Internet Explorer\iexplore.exe
    5540 C:\Program Files\iPod\bin\iPodService.exe
    5596 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    5940 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    4384 C:\Program Files\Internet Explorer\iexplore.exe
    3036 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    4476 C:\Windows\System32\svchost.exe
    1512 C:\Program Files\Internet Explorer\iexplore.exe
    3564 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    2788 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    1576 dllhost.exe
    4604 dllhost.exe
    4844 C:\Users\Jeremy\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

    PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  4. bungeye

    bungeye Newcomer, in training Topic Starter

    Combofix report:

    ComboFix 11-04-11.02 - Jeremy 12/04/2011 11:05:40.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3581.2402 [GMT 2:00]
    Running from: c:\users\Jeremy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\restoration\Restoration.exe
    c:\users\Jeremy\AppData\Roaming\inst.exe
    c:\users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvviitys.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-12 09:15 . 2011-04-12 09:19 -------- d-----w- c:\users\Jeremy\AppData\Local\temp
    2011-04-12 09:15 . 2011-04-12 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-11 15:41 . 2011-04-12 08:52 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes
    2011-04-01 21:11 . 2011-04-01 21:11 -------- d-----w- c:\program files\iPod
    2011-04-01 21:11 . 2011-04-01 21:12 -------- d-----w- c:\program files\iTunes
    2011-04-01 21:03 . 2011-04-01 21:03 -------- d-----w- c:\program files\Bonjour
    2011-03-31 21:20 . 2011-03-31 22:10 -------- d-----w- c:\users\Jeremy\AppData\Roaming\AVG
    2011-03-22 19:54 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 19:54 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 19:54 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-20 16:37 . 2011-02-10 22:33 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-10 22:33 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-10 22:33 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-10 22:33 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-10 22:33 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-10 22:33 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-10 22:33 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-10 22:33 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-10 22:33 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-10 22:33 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-10 22:33 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-10 22:33 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-10 22:33 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-10 22:33 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-10 22:33 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-10 22:33 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-10 22:33 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-10 22:33 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-10 22:33 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-10 22:33 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-10 22:33 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-10 22:33 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-10 22:33 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-10 22:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-10 22:33 683008 ----a-w- c:\windows\system32\d2d1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "googletalk"="c:\users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-14 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-29 22:47 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-13 01:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2010-02-04 22:38 323392 ----a-w- c:\users\Jeremy\Program Files\DNA\btdna.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    2007-07-27 16:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 09:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2008-12-04 13:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 13:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-11-01 15:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
    2007-04-16 22:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-08-25 20:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 7680]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 110080]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 104960]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
    S1 RapportCerberus_25641;RapportCerberus_25641;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys [2011-04-09 56888]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-03 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:23]
    .
    2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:23]
    .
    2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{31B4A8E8-B6B6-4FBB-9C0C-CBA894CD497B}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
    .
    2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-12 11:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,91,83,75,40,e4,3d,42,ab,fa,73,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,91,83,75,40,e4,3d,42,ab,fa,73,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3392)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\STacSV.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-12 11:26:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-12 09:26
    .
    Pre-Run: 13,593,780,224 bytes free
    Post-Run: 13,093,621,760 bytes free
    .
    - - End Of File - - 6CAA056C5941960BDF723E6C64C322C0
  5. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    Combofix log looks good now.

    How is computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. bungeye

    bungeye Newcomer, in training Topic Starter

    Thanks, my computer is working well. AVG scan came up with nothing also...

    OTL report is too big so i will post it in two replies if that is okay.

    First half here:

    OTL logfile created on: 12/04/2011 17:41:27 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jeremy\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.43 Gb Total Space | 11.57 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.50 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
    Drive F: | 148.79 Gb Total Space | 134.33 Gb Free Space | 90.28% Space Free | Partition Type: FAT32

    Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
    PRC - [2011/03/09 10:16:18 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    PRC - [2011/02/28 16:10:20 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
    PRC - [2010/10/04 00:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/10/04 00:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2009/05/21 11:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/11/04 00:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2007/12/03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/12/03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/07 10:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/07 10:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/07 10:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/09/07 10:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/08/28 07:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/04/17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
    MOD - [2010/10/04 00:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/10/04 00:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2008/12/04 15:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/11/04 00:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/03 06:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/03 06:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/09 08:22:05 | 000,056,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25641\RapportCerberus_25641.sys -- (RapportCerberus_25641)
    DRV - [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/10/04 00:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2010/10/04 00:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2009/09/16 11:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/11/12 02:50:48 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2008/11/12 02:50:48 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008/11/12 02:50:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008/11/12 02:50:48 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/06/09 08:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/12/03 06:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/09/07 11:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 10:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/09/07 08:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 08:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 08:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/28 07:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/08/28 07:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/25 22:59:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/12 11:41:37 | 000,000,000 | ---D | M]

    [2009/02/08 17:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
    [2009/02/08 17:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2011/04/12 11:17:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000..\Run: [googletalk] C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/03/24 11:43:58 | 000,045,056 | R--- | M] () - D:\AutoUpdate.dll -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
  7. bungeye

    bungeye Newcomer, in training Topic Starter

    second half of OTL report:


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/12 17:38:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
    [2011/04/12 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\AVG10
    [2011/04/12 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2011/04/12 11:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011/04/12 11:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/04/12 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/04/12 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/04/12 11:26:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/12 11:26:07 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\temp
    [2011/04/12 11:17:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/04/12 11:01:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/12 11:01:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/12 11:01:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/12 11:01:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/12 11:00:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/12 11:00:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/12 10:38:35 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
    [2011/04/11 17:41:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
    [2011/04/11 17:39:31 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/11 15:33:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
    [2011/04/01 23:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/04/01 23:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/04/01 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/04/01 23:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/31 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\AVG
    [2011/03/30 17:16:52 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011/03/21 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Skifahren Golm
    [2009/06/21 16:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jeremy\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/04/12 17:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
    [2011/04/12 17:24:19 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/04/12 17:23:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/12 17:23:31 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/04/12 17:23:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/12 17:23:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/12 17:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/12 17:22:40 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/12 17:18:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/04/12 14:47:29 | 000,237,056 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/12 11:50:06 | 112,233,269 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/04/12 11:41:41 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/04/12 11:17:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/12 10:38:45 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
    [2011/04/12 10:18:15 | 004,318,978 | R--- | M] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
    [2011/04/12 10:12:26 | 000,080,384 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
    [2011/04/12 00:38:34 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job
    [2011/04/11 19:01:07 | 000,001,889 | ---- | M] () -- C:\Users\Jeremy\Desktop\Attach.rar
    [2011/04/11 18:53:20 | 000,625,664 | ---- | M] () -- C:\Users\Jeremy\Desktop\dds.scr
    [2011/04/11 17:47:29 | 000,301,568 | ---- | M] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
    [2011/04/11 17:39:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/11 17:17:13 | 000,057,915 | ---- | M] () -- C:\Users\Jeremy\Desktop\4716-malwarebytes-anti-malware.htm
    [2011/04/11 15:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
    [2011/04/11 15:27:14 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
    [2011/04/11 14:10:43 | 000,009,620 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
    [2011/04/06 22:49:59 | 012,866,943 | ---- | M] () -- C:\Users\Jeremy\Desktop\Social Studies (Plastic Plates Remix.mp3
    [2011/04/01 23:12:08 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/31 23:31:09 | 003,480,346 | ---- | M] () -- C:\Users\Jeremy\Desktop\Rasmus-Folk-Pavel.mp3
    [2011/03/30 17:16:52 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011/03/29 20:46:03 | 000,005,660 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2011/03/29 17:53:29 | 014,337,425 | ---- | M] () -- C:\Users\Jeremy\Desktop\Black Cat.mp3
    [2011/03/20 07:01:24 | 007,951,368 | ---- | M] () -- C:\Users\Jeremy\Desktop\02 Earthy Powers.mp3

    ========== Files Created - No Company Name ==========

    [2011/04/12 11:41:41 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/04/12 11:01:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/12 11:01:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/12 11:01:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/12 11:01:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/12 11:01:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/12 10:18:07 | 004,318,978 | R--- | C] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
    [2011/04/12 10:12:24 | 000,080,384 | ---- | C] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
    [2011/04/11 19:00:11 | 000,001,889 | ---- | C] () -- C:\Users\Jeremy\Desktop\Attach.rar
    [2011/04/11 18:53:18 | 000,625,664 | ---- | C] () -- C:\Users\Jeremy\Desktop\dds.scr
    [2011/04/11 17:47:27 | 000,301,568 | ---- | C] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
    [2011/04/11 17:16:59 | 000,057,915 | ---- | C] () -- C:\Users\Jeremy\Desktop\4716-malwarebytes-anti-malware.htm
    [2011/04/11 15:27:14 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
    [2011/04/06 22:52:54 | 012,866,943 | ---- | C] () -- C:\Users\Jeremy\Desktop\Social Studies (Plastic Plates Remix.mp3
    [2011/04/06 22:43:55 | 014,337,425 | ---- | C] () -- C:\Users\Jeremy\Desktop\Black Cat.mp3
    [2011/04/06 22:41:20 | 007,951,368 | ---- | C] () -- C:\Users\Jeremy\Desktop\02 Earthy Powers.mp3
    [2011/04/06 22:36:04 | 003,480,346 | ---- | C] () -- C:\Users\Jeremy\Desktop\Rasmus-Folk-Pavel.mp3
    [2011/04/01 23:12:08 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/29 20:46:03 | 000,005,660 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2011/03/23 21:26:11 | 004,395,521 | ---- | C] () -- C:\Users\Jeremy\Desktop\Double - The Captain of Her Heart.mp3
    [2009/09/24 23:44:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 23:44:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/24 23:41:38 | 000,668,938 | ---- | C] () -- C:\Windows\unins000.exe
    [2009/09/24 23:41:38 | 000,000,825 | ---- | C] () -- C:\Windows\unins000.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/21 16:23:59 | 000,001,044 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\vso_ts_preview.xml
    [2009/06/21 16:04:19 | 000,007,887 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\pcouffin.cat
    [2009/06/21 16:04:18 | 000,001,144 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\pcouffin.inf
    [2009/04/17 01:16:31 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/04/17 01:16:18 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/24 13:50:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/01/21 01:03:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/11/12 02:51:04 | 000,135,882 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2008/08/20 04:45:46 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
    [2008/07/26 10:15:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/06/24 00:24:24 | 000,009,620 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
    [2008/04/12 10:23:45 | 000,000,844 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
    [2008/03/20 23:13:57 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.001
    [2008/03/19 00:52:18 | 000,027,430 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\nvModes.dat
    [2008/03/18 14:42:44 | 000,237,056 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/15 01:12:54 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/03/15 01:12:53 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/03/14 17:36:00 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/03/14 17:20:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
    [2006/11/10 15:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 14:47:37 | 000,314,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 12:33:01 | 000,608,706 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 12:33:01 | 000,109,542 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/10/14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
    [2005/10/14 11:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
    [2005/10/14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
    [2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/04/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/04/25 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2009/11/09 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Amazon
    [2011/04/01 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG
    [2011/04/12 11:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
    [2011/04/11 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\BitTorrent
    [2011/02/13 16:57:12 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DNA
    [2010/11/07 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LimeWire
    [2011/03/06 17:18:29 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Spotify
    [2009/06/30 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\StarOffice8
    [2008/04/12 10:23:47 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
    [2010/02/07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Trusteer
    [2010/06/27 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uqm
    [2010/02/23 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Vodafone
    [2010/06/28 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Vso
    [2010/06/28 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\YouSendIt
    [2011/04/12 17:18:39 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/04 00:08:02 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{31B4A8E8-B6B6-4FBB-9C0C-CBA894CD497B}.job
    [2011/04/12 00:38:34 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C1E16F6A-ADA2-420B-AC78-6737EDEDEE5F}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/04/12 11:26:05 | 000,015,894 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/03/15 01:13:05 | 000,004,643 | RH-- | M] () -- C:\dell.sdr
    [2011/04/12 17:22:40 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/07 14:50:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/07 14:50:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2011/04/12 17:22:38 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/29 20:46:03 | 000,005,660 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2006/11/02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/25 09:34:00 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 09:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/21 11:46:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/03 23:48:07 | 000,000,636 | -HS- | M] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/12 10:38:45 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jeremy\Desktop\AppRemover.exe
    [2011/04/12 10:18:15 | 004,318,978 | R--- | M] () -- C:\Users\Jeremy\Desktop\ComboFix.exe
    [2008/03/29 01:09:48 | 001,478,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Jeremy\Desktop\GenuineCheck.exe
    [2010/02/03 23:24:13 | 042,461,120 | ---- | M] (Intel(R) Corporation) -- C:\Users\Jeremy\Desktop\ICS_s64.exe
    [2011/04/11 17:47:29 | 000,301,568 | ---- | M] () -- C:\Users\Jeremy\Desktop\jnd3hwwz.exe
    [2011/04/11 17:39:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/04/12 10:12:26 | 000,080,384 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBRCheck.exe
    [2011/04/12 17:38:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
    [2011/04/11 15:55:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\TFC.exe
    [2008/03/28 18:52:33 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Jeremy\Desktop\wmp11-windowsxp-x86-enu.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/09/28 21:38:14 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/09/28 21:37:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/09/28 21:37:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/09/28 21:37:44 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/02/23 07:08:51 | 000,000,402 | -HS- | M] () -- C:\Users\Jeremy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/20 04:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
    [2008/11/12 02:51:04 | 000,135,882 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2011/04/12 17:24:19 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/08/13 11:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
    [4 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844

    < End of report >
  8. bungeye

    bungeye Newcomer, in training Topic Starter

    Here is the extras report:

    OTL Extras logfile created on: 12/04/2011 17:41:27 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jeremy\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.43 Gb Total Space | 11.57 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.50 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
    Drive F: | 148.79 Gb Total Space | 134.33 Gb Free Space | 90.28% Space Free | Partition Type: FAT32

    Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1106E80F-BD26-4C8D-BDCD-E8ED172EC569}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{110BC466-79AE-43CC-BBB2-B689185CFCC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{146331BC-1DF4-4F3B-B3C5-2B1160E858BA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{45879AC5-D79B-4FAC-B58B-4A19B5BD7136}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5512E147-1B18-4D3B-BFA5-7BF2B0EDC92B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{608290D5-19AC-4A80-AFD2-770793F60EA5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7F76EECB-7ED3-4C16-90A6-05E5E235DFA6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{82CAE90F-3CD4-4237-BA07-A20351D5679F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{94338D91-6A38-40ED-85D7-5042FAA03CEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{989907CA-747B-4952-BBE7-C6661B92B38A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B29816E3-2AD5-4BE4-8B04-702468C48070}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{BF6AF120-6F65-4625-8E79-F7F1E704A8AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C1F92AEE-DAB9-4D66-BC87-C0D6DD48D8EC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C27CC947-6321-435C-917D-28EEDEB5688A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C5E78DE6-FCF4-4259-BDE1-A61A862673C1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F8433EDE-B6BD-442E-9363-E235DB140371}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F99EAD50-7767-4A81-AF43-8A0775E0D104}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FBA4D0F5-A37C-4DAC-A430-78C959547883}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1141F058-18B0-4515-B1C8-EEC171A55DEF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{14432234-DD04-44AB-9F71-630895A84B93}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{2D297F2D-0F55-4BDB-8C05-C964D58F01BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{34A5F4C0-B72D-4FBA-AFA6-DE08126F2407}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{34D48BD0-938C-46AF-B577-5C3CF9966F81}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{43557D2E-6D7B-42D2-B8C5-75E5E3BAD999}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{45D3E568-293A-4445-880F-FBB7449AFE96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{502AA3B5-6F36-4F9F-846F-2D09718EE379}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{61324FBA-ADE2-430C-978B-ACA856610BAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6AB02B13-D2A0-4FA9-B1DF-CD242C9105E4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{737F4738-B46A-4910-A145-CB9C237D9E32}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{7F332BD2-9C27-4EBD-B473-D2529D92D105}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{7F87B009-23DD-481E-A804-1089D05830BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{87827417-0DE4-419D-A013-4DAF0E16EBB1}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{94B8ED7F-CC9B-4712-A78A-DDFB15EE2D35}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{9F199A32-7F02-4C0D-971D-A9C9A3F2C306}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{AAAA8BF3-7FE6-4A85-9166-EC254DD3EDF7}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{ABBCDD64-D558-4FB2-A6CB-5AF36D806BD3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{B8BCCE2B-A188-4A45-B405-06CA4AE9E600}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{BC9254A9-B4C0-40F7-BD15-34B7D9B2A82A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{CCF02794-9596-4618-92E0-0B46E201EAE8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D991D444-FE4B-4552-BE06-53E1FFA246DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{D9E93BCD-9552-4A5F-957C-0030898B4B8F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{E686EAC2-B606-4F80-8F99-F864EFBC09CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{E848FA89-05FC-483E-B37A-920BB5EEE574}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EC99D254-1506-4D60-9B69-301A1673A34D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD045EE7-5FD8-4566-A02A-8ECC9F7A15CB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{49CB45AA-01FB-4CC1-84D0-3D4D86BAA7A5}C:\users\jeremy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
    "TCP Query User{639AED9C-050B-48BA-863C-CCD401ED752E}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{778A7DFA-BA95-47F0-8591-26C0F854ED78}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{7CE21B2F-4112-4FF4-9166-3275799C056B}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
    "TCP Query User{8DB4BB73-4904-4412-98C2-72C6FE9DA56F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{B47D70D1-A60F-4D24-9780-8B45F89AE8B1}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{B4A683C0-12BF-4BFB-8D55-2AC2B0653200}C:\users\jeremy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
    "TCP Query User{BA2FF4CA-1B7C-4FBD-821E-22100D8E5EA5}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{BC5E2ED4-0839-40A9-B5DE-3B938E37F12E}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{C77995C5-854F-4231-A030-BF4DE92F30E6}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
    "UDP Query User{1D3E6A92-F9F3-4551-9F9F-9026881D04FF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{228F22C3-C34D-4D3F-A74D-A1CD5D56630F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{342E5327-D098-42AE-A016-229D1E803010}C:\users\jeremy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
    "UDP Query User{3651C557-DC93-4776-BEB8-A7BAFD34E393}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{ACF014B5-2C3F-4348-A02D-C001E499417B}C:\users\jeremy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\dna\btdna.exe |
    "UDP Query User{C060A752-97E0-4FA0-8E7C-626B51FC6726}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{C1822419-2013-413B-BE26-B9702D061E55}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "UDP Query User{E873F6EE-67B4-41F0-83F6-5FAA2CC552A4}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |
    "UDP Query User{FACA8AFB-DD1E-43F1-9E5E-8BE9BA28C602}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{FFD7989D-A04F-4754-866D-C9A930B78C99}C:\users\jeremy\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\jeremy\program files\bittorrent\bittorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{865A8951-8D9A-46CB-84A2-3D67BA38B923}" = EASEUS Deleted File Recovery 2.1.1
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}" = Vodafone Mobile Connect Lite
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
    "1-abc.net Cleaning Box" = 1-abc.net Cleaning Box (Remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "AVG" = AVG 2011
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "DirectVobSub" = DirectVobSub (remove only)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "Google Desktop" = Google Desktop
    "GSpot" = GSpot Codec Information Appliance
    "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "PokerStars" = PokerStars
    "ProInst" = Intel(R) PROSet/Wireless Software
    "Rapport_msi" = Rapport
    "RealAlt_is1" = Real Alternative 2.0.0
    "RealPlayer 6.0" = RealPlayer
    "Spotify" = Spotify
    "Subtitles Plugin for RealPlayer_is1" = Subtitles Plugin for RealPlayer 2005.03.21
    "The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
    "VLC media player" = VLC media player 1.1.6
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1467130767-3964406044-1211724845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "BitTorrent DNA" = DNA
    "Quest for Glory II" = Quest for Glory II

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 26/12/2010 15:16:37 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 109575

    Error - 26/12/2010 15:16:37 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 109575

    Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 125175

    Error - 26/12/2010 15:16:53 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 125175

    Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 140776

    Error - 26/12/2010 15:17:08 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 140776

    Error - 26/12/2010 15:17:24 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 26/12/2010 15:17:24 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 156376

    [ Media Center Events ]
    Error - 16/04/2008 14:55:45 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 18/04/2008 08:46:57 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 26/05/2008 12:21:03 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ System Events ]
    Error - 10/12/2008 19:15:27 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 14/12/2008 13:37:51 | Computer Name = Jeremy-PC | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 001F3C17917F. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 16/12/2008 20:04:51 | Computer Name = Jeremy-PC | Source = bowser | ID = 8003
    Description =

    Error - 21/12/2008 16:33:48 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 08/01/2009 01:02:26 | Computer Name = Jeremy-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 04:59:48 on 08/01/2009 was unexpected.

    Error - 08/01/2009 01:02:29 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 08/01/2009 09:17:49 | Computer Name = Jeremy-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 13:15:19 on 08/01/2009 was unexpected.

    Error - 08/01/2009 09:17:51 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 14/01/2009 18:38:14 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =

    Error - 15/01/2009 17:40:45 | Computer Name = Jeremy-PC | Source = HTTP | ID = 15016
    Description =


    < End of report >
  9. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    Good news :)

    You have some McAfee leftovers.
    Please, run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  10. bungeye

    bungeye Newcomer, in training Topic Starter

    great! New OTL report:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:0F8F5844 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Jeremy
    ->Temp folder emptied: 13092718 bytes
    ->Java cache emptied: 3879 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 9444 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 235724 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1137750780 bytes

    Total Files Cleaned = 1,098.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jeremy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04132011_233734

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF52EB.tmp not found!
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5307.tmp not found!
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF53F3.tmp not found!
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5425.tmp not found!
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF5891.tmp not found!
    File\Folder C:\Users\Jeremy\AppData\Local\Temp\~DF6040.tmp not found!

    Registry entries deleted on Reboot...
  11. bungeye

    bungeye Newcomer, in training Topic Starter

    security check results:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 24
    Java(TM) SE Runtime Environment 6
    Out of date Java installed!
    Adobe Flash Player 10.0.12.36
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  12. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    Uninstall Java(TM) SE Runtime Environment 6 .

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset...
  13. bungeye

    bungeye Newcomer, in training Topic Starter

    i tried to uninstall java se runtime environment 6 but a message came up saying:

    the system adminstrator has set policies to prevent this installation

    then it says i do not have sufficient access to uninstall Java SE runtime envinroment 6. please contact system administrator.

    ESET is still running and it has found (so far) 25 infected files: win32/ramnit.A virus...
  14. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    Ramnit is really bad news.
    Let me see the log first, when you're done.
  15. bungeye

    bungeye Newcomer, in training Topic Starter

    ah, i want to swear...

    okay, first a few questions. assuming i have to start from scratch, the only really important things i have are music files. can i copy these and start again or are they possibly compromised? second, i have an ipod - does this count as an 'external hardrive' - do i have to wipe this as well? (i ask because my backup doesnt have a lot of my new and most favourite music on it).

    second, i am moving cities and might not be online for a few days or longer. can you please keep this post open indefinitely or for a week or 2? i will probably be back soon but i dont know as i am moving...

    here is the log from ESET.

    PS thank you for all of your help an patience. I appreciate your time and effort on this, it has been very helpful...

    C:\Qoobox\Quarantine\C\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvviitys.exe.vir Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\26_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\29_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\41_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\42_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\45_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\46_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\49_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\50_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\58_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\59_tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Local\VirtualStore\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\weather_error.htm Win32/Ramnit.A virus
    C:\Users\Jeremy\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110331232030461.rsc multiple threats
  16. Broni

    Broni Malware Annihilator Posts: 46,431   +252

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note:: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.