Solved Trojan horse Hider.OOW and AVG is white-listing the file

[Mister Ed]

I am getting the following - Trojan horse Hider.OOW in file C:\WINDOWS\system32\drivers\mrxsmb.sys and the result in AVG is "Object is white-listed (critical/system file that should not be removed)". Previously I had seen some issues with 'XP Antivirus 2012' ... I believe this is still some remnents. Also computer is being very sluggish ... with svchost.exe taking up most of the CPU ussage.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122202

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2011 3:39:36 PM
mbam-log-2011-12-22 (15-39-36).txt

Scan type: Quick scan
Objects scanned: 198489
Time elapsed: 21 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER -Comes up with a completely blank log file ... I must have tried it 4 times ... same result.

DDS logs -
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ed at 15:14:20 on 2011-12-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.829 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA"&"inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA"&"prod=92"&"ver=9.0.914
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-31 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-2-4 16968]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-12-22 04:26:35 -------- d-----w- c:\documents and settings\ed\local settings\application data\Apple
2011-12-22 04:18:12 -------- d-----w- c:\documents and settings\ed\local settings\application data\Apple Computer
2011-12-21 07:03:53 -------- d--h--w- C:\$AVG
2011-12-20 23:59:14 -------- d-----w- c:\documents and settings\ed\application data\Malwarebytes
2011-12-20 23:09:40 -------- d-----w- c:\documents and settings\ed\local settings\application data\Temp
2011-12-20 23:09:40 -------- d-----w- c:\documents and settings\ed\local settings\application data\Adobe
2011-12-20 04:56:09 -------- d-----w- c:\documents and settings\ed\local settings\application data\Identities
2011-12-20 04:42:53 -------- d-sh--w- c:\documents and settings\ed\IECompatCache
2011-12-20 04:41:24 -------- d-sh--w- c:\documents and settings\ed\PrivacIE
2011-12-20 04:40:31 -------- d-sh--w- c:\documents and settings\ed\IETldCache
2011-12-20 04:40:17 -------- d-----w- c:\documents and settings\ed\local settings\application data\Microsoft
2011-12-06 02:18:27 -------- d-----w- c:\program files\Microsoft
2011-12-06 02:18:21 -------- d-----w- c:\program files\MSN Toolbar
2011-12-06 02:18:05 -------- d-----w- c:\program files\HP Photo Creations
2011-12-06 02:18:05 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2011-12-06 02:16:50 -------- d-----w- c:\program files\HP
2011-12-01 05:13:50 -------- d-----w- c:\program files\StartNow Toolbar
2011-12-01 05:13:45 -------- d-----w- c:\program files\PDFReader(2)
.
==================== Find3M ====================
.
2011-12-18 05:11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 15:15:06.75 ===============
And
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2009 8:51:45 PM
System Uptime: 12/22/2011 3:02:11 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 9.685 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR GA311 Gigabit Adapter
Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&1C660DD6&0&10F0
Manufacturer: NETGEAR
Name: NETGEAR GA311 Gigabit Adapter
PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&1C660DD6&0&10F0
Service: RTL8023
.
==== System Restore Points ===================
.
RP1067: 12/20/2011 7:03:08 PM - Avg Update
RP1068: 12/20/2011 7:13:14 PM - Avg Update
RP1069: 12/20/2011 7:52:57 PM - Installed AVG 2012
RP1070: 12/20/2011 7:53:59 PM - Removed AVG 9.0
RP1071: 12/20/2011 9:48:59 PM - Installed AVG 9.0
RP1072: 12/20/2011 11:09:46 PM - Avg Update
RP1073: 12/20/2011 11:22:58 PM - Avg Update
RP1074: 12/21/2011 9:51:38 AM - Avg Update
RP1075: 12/21/2011 6:39:46 PM - Removed AVG 9.0
RP1076: 12/21/2011 8:52:46 PM - Avg Update
RP1077: 12/21/2011 8:57:34 PM - Avg Update
RP1078: 12/22/2011 8:41:08 AM - Avg Update
RP1079: 12/22/2011 2:58:15 PM - Removed AVG 9.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Bonjour
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
DeductionPro 2009
Dell Picture Studio - Dell Image Expert
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Michigan 2009
H&R Block Michigan 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ieSpell
Intel(R) PRO Network Adapters and Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ASP.NET Web Pages
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PowerDVD
Primo
QuickTime
Registry Mechanic 10.0
Runtime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923789)
Sonic UDF Reader
Sony Picture Utility
SoundMAX
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VVMapping - Michigan GPS Maps v2.0.0
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/22/2011 8:43:22 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
12/21/2011 8:44:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG E-mail Scanner service to connect.
12/21/2011 8:44:37 PM, error: Service Control Manager [7000] - The AVG E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/21/2011 8:33:01 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
12/21/2011 7:09:42 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/21/2011 6:04:42 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/21/2011 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
12/21/2011 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/20/2011 9:17:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/20/2011 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
12/20/2011 8:38:39 PM, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 8:35:31 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 6:25:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/20/2011 6:08:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/20/2011 11:50:14 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/20/2011 11:03:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/20/2011 11:00:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm OMCI
12/19/2011 9:49:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2011 9:48:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/19/2011 9:37:24 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
.
==== End Of File ===========================

Will be around yet tonight and first part of tomorrow ... then out of town for th eweekend,

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Mister Ed]

09:38:20.0218 1376 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:38:20.0875 1376 ============================================================
09:38:20.0875 1376 Current date / time: 2011/12/23 09:38:20.0875
09:38:20.0875 1376 SystemInfo:
09:38:20.0875 1376
09:38:20.0875 1376 OS Version: 5.1.2600 ServicePack: 3.0
09:38:20.0875 1376 Product type: Workstation
09:38:20.0875 1376 ComputerName: ED-NXAIBJWWPXN5
09:38:20.0875 1376 UserName: Ed
09:38:20.0875 1376 Windows directory: C:\WINDOWS
09:38:20.0875 1376 System windows directory: C:\WINDOWS
09:38:20.0875 1376 Processor architecture: Intel x86
09:38:20.0875 1376 Number of processors: 1
09:38:20.0875 1376 Page size: 0x1000
09:38:20.0875 1376 Boot type: Normal boot
09:38:20.0875 1376 ============================================================
09:38:23.0609 1376 Initialize success
09:38:27.0484 3460 ============================================================
09:38:27.0484 3460 Scan started
09:38:27.0484 3460 Mode: Manual;
09:38:27.0484 3460 ============================================================
09:38:32.0000 3460 3c1807pd (f82ab4a2a26e172b929d27d60b637973) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
09:38:34.0828 3460 3c1807pd - ok
09:38:35.0140 3460 Abiosdsk - ok
09:38:35.0343 3460 abp480n5 - ok
09:38:35.0718 3460 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:35.0781 3460 ACPI - ok
09:38:36.0140 3460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:38:36.0156 3460 ACPIEC - ok
09:38:36.0437 3460 adpu160m - ok
09:38:36.0687 3460 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:38:36.0687 3460 aeaudio - ok
09:38:37.0500 3460 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:38:37.0687 3460 aec - ok
09:38:38.0890 3460 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:38:39.0437 3460 AFD - ok
09:38:40.0390 3460 AFGMp50 - ok
09:38:41.0203 3460 AFGSp50 - ok
09:38:42.0156 3460 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:38:42.0281 3460 agp440 - ok
09:38:43.0078 3460 Aha154x - ok
09:38:43.0656 3460 aic78u2 - ok
09:38:43.0859 3460 aic78xx - ok
09:38:44.0062 3460 AliIde - ok
09:38:44.0296 3460 amsint - ok
09:38:44.0500 3460 asc - ok
09:38:44.0687 3460 asc3350p - ok
09:38:44.0890 3460 asc3550 - ok
09:38:45.0312 3460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:38:48.0718 3460 AsyncMac - ok
09:38:49.0171 3460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:38:49.0171 3460 atapi - ok
09:38:49.0500 3460 Atdisk - ok
09:38:49.0765 3460 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:38:52.0843 3460 Atmarpc - ok
09:38:53.0250 3460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:38:53.0250 3460 audstub - ok
09:38:53.0843 3460 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
09:38:53.0921 3460 AvgLdx86 - ok
09:38:54.0437 3460 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
09:38:54.0468 3460 AvgMfx86 - ok
09:38:54.0875 3460 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
09:38:54.0890 3460 AvgRkx86 - ok
09:38:55.0531 3460 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
09:38:55.0609 3460 AvgTdiX - ok
09:38:56.0078 3460 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:38:56.0093 3460 Beep - ok
09:38:56.0546 3460 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
09:38:56.0578 3460 BVRPMPR5 - ok
09:38:57.0031 3460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:38:57.0031 3460 cbidf2k - ok
09:38:57.0421 3460 cd20xrnt - ok
09:38:57.0671 3460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:38:57.0687 3460 Cdaudio - ok
09:38:58.0031 3460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:38:58.0062 3460 Cdfs - ok
09:38:58.0484 3460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:38:58.0515 3460 Cdrom - ok
09:38:58.0765 3460 Changer - ok
09:38:58.0984 3460 CmdIde - ok
09:38:59.0265 3460 Cpqarray - ok
09:38:59.0468 3460 dac2w2k - ok
09:38:59.0656 3460 dac960nt - ok
09:38:59.0921 3460 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:38:59.0937 3460 Disk - ok
09:39:00.0328 3460 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:39:00.0343 3460 DLABOIOM - ok
09:39:00.0671 3460 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:39:00.0687 3460 DLACDBHM - ok
09:39:00.0906 3460 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:39:00.0906 3460 DLADResN - ok
09:39:01.0296 3460 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:39:01.0343 3460 DLAIFS_M - ok
09:39:01.0656 3460 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:39:01.0671 3460 DLAOPIOM - ok
09:39:01.0953 3460 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:39:01.0968 3460 DLAPoolM - ok
09:39:02.0359 3460 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:39:02.0375 3460 DLARTL_N - ok
09:39:02.0703 3460 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:39:02.0906 3460 DLAUDFAM - ok
09:39:03.0406 3460 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:39:03.0453 3460 DLAUDF_M - ok
09:39:04.0125 3460 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:39:08.0140 3460 dmboot - ok
09:39:08.0656 3460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:39:12.0890 3460 dmio - ok
09:39:13.0390 3460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:39:15.0031 3460 dmload - ok
09:39:15.0656 3460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:39:15.0734 3460 DMusic - ok
09:39:16.0046 3460 dpti2o - ok
09:39:16.0390 3460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:39:16.0406 3460 drmkaud - ok
09:39:16.0734 3460 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:39:16.0859 3460 DRVMCDB - ok
09:39:17.0140 3460 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:39:17.0171 3460 DRVNDDM - ok
09:39:17.0859 3460 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:39:18.0093 3460 E100B - ok
09:39:18.0750 3460 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:39:18.0796 3460 Fastfat - ok
09:39:19.0156 3460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:39:19.0171 3460 Fdc - ok
09:39:19.0687 3460 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:39:19.0703 3460 Fips - ok
09:39:20.0140 3460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:39:20.0187 3460 Flpydisk - ok
09:39:20.0734 3460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:39:20.0781 3460 FltMgr - ok
09:39:21.0156 3460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:39:22.0078 3460 Fs_Rec - ok
09:39:22.0562 3460 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:39:22.0640 3460 Ftdisk - ok
09:39:22.0968 3460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:39:23.0000 3460 GEARAspiWDM - ok
09:39:23.0468 3460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:39:23.0484 3460 Gpc - ok
09:39:23.0875 3460 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:39:23.0921 3460 hidusb - ok
09:39:24.0453 3460 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
09:39:24.0484 3460 hitmanpro35 - ok
09:39:24.0796 3460 hpn - ok
09:39:25.0140 3460 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:39:25.0328 3460 HTTP - ok
09:39:25.0656 3460 i2omgmt - ok
09:39:25.0859 3460 i2omp - ok
09:39:26.0093 3460 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:39:26.0125 3460 i8042prt - ok
09:39:26.0578 3460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:26.0593 3460 Imapi - ok
09:39:26.0937 3460 ini910u - ok
09:39:27.0125 3460 IntelIde - ok
09:39:27.0546 3460 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:27.0562 3460 intelppm - ok
09:39:27.0921 3460 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:39:29.0734 3460 ip6fw - ok
09:39:30.0093 3460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:30.0125 3460 IpFilterDriver - ok
09:39:30.0484 3460 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:30.0500 3460 IpInIp - ok
09:39:30.0921 3460 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:30.0984 3460 IpNat - ok
09:39:31.0421 3460 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:36.0093 3460 IPSec - ok
09:39:36.0531 3460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:36.0531 3460 IRENUM - ok
09:39:36.0828 3460 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:38.0578 3460 isapnp - ok
09:39:39.0015 3460 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:39.0046 3460 Kbdclass - ok
09:39:39.0546 3460 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:39:39.0609 3460 kmixer - ok
09:39:39.0984 3460 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:40.0015 3460 KSecDD - ok
09:39:40.0453 3460 lbrtfdc - ok
09:39:40.0718 3460 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
09:39:40.0718 3460 MBAMProtector - ok
09:39:40.0984 3460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:40.0984 3460 mnmdd - ok
09:39:41.0250 3460 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:39:41.0265 3460 Modem - ok
09:39:41.0718 3460 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:41.0718 3460 Mouclass - ok
09:39:42.0046 3460 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:42.0046 3460 mouhid - ok
09:39:42.0406 3460 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:42.0421 3460 MountMgr - ok
09:39:42.0703 3460 mraid35x - ok
09:39:43.0015 3460 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:43.0062 3460 MRxDAV - ok
09:39:43.0718 3460 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:43.0906 3460 MRxSmb - ok
09:39:44.0812 3460 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:39:45.0109 3460 Msfs - ok
09:39:45.0609 3460 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:45.0687 3460 MSKSSRV - ok
09:39:46.0140 3460 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:46.0203 3460 MSPCLOCK - ok
09:39:46.0828 3460 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:46.0828 3460 MSPQM - ok
09:39:47.0218 3460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:47.0296 3460 mssmbios - ok
09:39:47.0796 3460 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:39:47.0906 3460 Mup - ok
09:39:48.0343 3460 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:39:48.0796 3460 NDIS - ok
09:39:49.0187 3460 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:49.0250 3460 NdisTapi - ok
09:39:49.0890 3460 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:54.0125 3460 Ndisuio - ok
09:39:54.0656 3460 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:54.0687 3460 NdisWan - ok
09:39:55.0031 3460 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:55.0062 3460 NDProxy - ok
09:39:55.0500 3460 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:55.0515 3460 NetBIOS - ok
09:39:55.0968 3460 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:39:56.0015 3460 NetBT - ok
09:39:56.0375 3460 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:39:56.0390 3460 Npfs - ok
09:39:57.0078 3460 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:39:57.0406 3460 Ntfs - ok
09:39:58.0203 3460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:39:58.0203 3460 Null - ok
09:39:59.0046 3460 nv (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:39:59.0062 3460 nv - ok
09:39:59.0484 3460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:39:59.0500 3460 NwlnkFlt - ok
09:39:59.0875 3460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:39:59.0890 3460 NwlnkFwd - ok
09:40:00.0140 3460 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
09:40:00.0156 3460 OMCI - ok
09:40:00.0625 3460 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:40:00.0656 3460 Parport - ok
09:40:01.0046 3460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:40:01.0046 3460 PartMgr - ok
09:40:01.0390 3460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:40:01.0437 3460 ParVdm - ok
09:40:01.0796 3460 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:40:01.0828 3460 PCI - ok
09:40:02.0125 3460 PCIDump - ok
09:40:02.0375 3460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:40:02.0390 3460 PCIIde - ok
09:40:02.0781 3460 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:40:05.0531 3460 Pcmcia - ok
09:40:05.0890 3460 PDCOMP - ok
09:40:06.0078 3460 PDFRAME - ok
09:40:06.0281 3460 PDRELI - ok
09:40:06.0562 3460 PDRFRAME - ok
09:40:06.0750 3460 perc2 - ok
09:40:06.0937 3460 perc2hib - ok
09:40:07.0234 3460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:40:10.0078 3460 PptpMiniport - ok
09:40:10.0609 3460 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:40:10.0687 3460 Processor - ok
09:40:11.0062 3460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:40:11.0093 3460 PSched - ok
09:40:11.0421 3460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:40:11.0546 3460 Ptilink - ok
09:40:11.0953 3460 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:40:11.0984 3460 PxHelp20 - ok
09:40:12.0250 3460 ql1080 - ok
09:40:12.0531 3460 Ql10wnt - ok
09:40:12.0718 3460 ql12160 - ok
09:40:12.0921 3460 ql1240 - ok
09:40:13.0109 3460 ql1280 - ok
09:40:13.0359 3460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:40:13.0359 3460 RasAcd - ok
09:40:13.0703 3460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:40:13.0718 3460 Rasl2tp - ok
09:40:14.0125 3460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:40:14.0140 3460 RasPppoe - ok
09:40:14.0437 3460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:40:14.0531 3460 Raspti - ok
09:40:14.0984 3460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:40:15.0046 3460 Rdbss - ok
09:40:15.0359 3460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:40:15.0390 3460 RDPCDD - ok
09:40:15.0937 3460 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:40:17.0843 3460 RDPWD - ok
09:40:18.0312 3460 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:40:18.0359 3460 redbook - ok
09:40:18.0890 3460 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:40:19.0078 3460 ROOTMODEM - ok
09:40:19.0531 3460 RTL8023 (3dee06e12bac87168089040d3c86fbea) C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
09:40:19.0562 3460 RTL8023 - ok
09:40:19.0937 3460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:40:19.0937 3460 Secdrv - ok
09:40:20.0171 3460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:40:20.0171 3460 serenum - ok
09:40:20.0406 3460 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:40:20.0421 3460 Serial - ok
09:40:20.0750 3460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:40:20.0750 3460 Sfloppy - ok
09:40:20.0968 3460 Simbad - ok
09:40:21.0390 3460 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
09:40:21.0640 3460 smwdm - ok
09:40:21.0937 3460 Sparrow - ok
09:40:22.0187 3460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:40:22.0203 3460 splitter - ok
09:40:22.0437 3460 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:40:22.0468 3460 sr - ok
09:40:22.0906 3460 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:40:23.0031 3460 Srv - ok
09:40:23.0375 3460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:40:23.0375 3460 swenum - ok
09:40:23.0609 3460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:40:23.0640 3460 swmidi - ok
09:40:23.0906 3460 sxuptp - ok
09:40:24.0093 3460 symc810 - ok
09:40:24.0296 3460 symc8xx - ok
09:40:24.0484 3460 sym_hi - ok
09:40:24.0671 3460 sym_u3 - ok
09:40:24.0937 3460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:40:25.0406 3460 sysaudio - ok
09:40:26.0015 3460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:40:26.0156 3460 Tcpip - ok
09:40:26.0484 3460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:40:26.0484 3460 TDPIPE - ok
09:40:26.0890 3460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:40:26.0906 3460 TDTCP - ok
09:40:27.0296 3460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:40:27.0312 3460 TermDD - ok
09:40:27.0640 3460 TosIde - ok
09:40:27.0921 3460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:40:27.0937 3460 Udfs - ok
09:40:28.0203 3460 ultra - ok
09:40:28.0640 3460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:40:28.0781 3460 Update - ok
09:40:29.0203 3460 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:40:29.0234 3460 USBAAPL - ok
09:40:29.0750 3460 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:40:31.0531 3460 usbccgp - ok
09:40:32.0750 3460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:40:33.0015 3460 usbehci - ok
09:40:34.0046 3460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:40:34.0218 3460 usbhub - ok
09:40:35.0265 3460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:40:35.0312 3460 usbprint - ok
09:40:36.0156 3460 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:40:36.0218 3460 usbscan - ok
09:40:36.0703 3460 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:40:36.0718 3460 USBSTOR - ok
09:40:36.0937 3460 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:40:36.0937 3460 usbuhci - ok
09:40:37.0218 3460 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
09:40:37.0250 3460 USRpdA - ok
09:40:37.0578 3460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:40:37.0578 3460 VgaSave - ok
09:40:37.0875 3460 ViaIde - ok
09:40:38.0171 3460 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:40:38.0187 3460 VolSnap - ok
09:40:38.0515 3460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:40:38.0531 3460 Wanarp - ok
09:40:38.0843 3460 WDICA - ok
09:40:39.0109 3460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:40:39.0140 3460 wdmaud - ok
09:40:39.0296 3460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:40:39.0578 3460 \Device\Harddisk0\DR0 - ok
09:40:39.0578 3460 Boot (0x1200) (6c35032b15a67bbba1e0aa1a237ff28e) \Device\Harddisk0\DR0\Partition0
09:40:39.0578 3460 \Device\Harddisk0\DR0\Partition0 - ok
09:40:39.0593 3460 ============================================================
09:40:39.0593 3460 Scan finished
09:40:39.0593 3460 ============================================================
09:40:39.0609 4812 Detected object count: 0
09:40:39.0609 4812 Actual detected object count: 0

 

[Mister Ed]

Boni - I will be leaving shortly, for the Holiday. Will be back Mon or Tues.

 

[Broni]

Have a nice trip

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Mister Ed]

Part #1-aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-27 17:49:26
-----------------------------
17:49:26.765 OS Version: Windows 5.1.2600 Service Pack 3
17:49:26.765 Number of processors: 1 586 0x209
17:49:26.765 ComputerName: ED-NXAIBJWWPXN5 UserName: Ed
17:49:27.890 Initialize success
18:02:13.187 AVAST engine defs: 11122702
18:02:23.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:02:23.046 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
18:02:23.156 Disk 0 MBR read successfully
18:02:23.156 Disk 0 MBR scan
18:02:23.437 Disk 0 Windows XP default MBR code
18:02:23.515 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
18:02:23.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
18:02:23.765 Disk 0 scanning sectors +78108030
18:02:24.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:03:01.796 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
18:03:16.484 Service scanning
18:03:19.343 Modules scanning
18:03:27.453 Module: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
18:03:36.406 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:03:38.484 Disk 0 trace - called modules:
18:03:38.500 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8919ff10]<<
18:03:38.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89746ab8]
18:03:38.500 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x894ff030]
18:03:38.500 \Driver\00002331[0x896a9768] -> IRP_MJ_CREATE -> 0x8919ff10
18:03:39.875 AVAST engine scan C:\WINDOWS
18:03:45.687 AVAST engine scan C:\WINDOWS\system32
18:10:01.375 AVAST engine scan C:\WINDOWS\system32\drivers
18:10:19.734 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
18:10:40.968 AVAST engine scan C:\Documents and Settings\Ed
18:18:47.062 AVAST engine scan C:\Documents and Settings\All Users
18:21:47.359 Scan finished successfully
18:23:51.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ed\Desktop\MBR.dat"
18:23:51.406 The log file has been saved successfully to "C:\Documents and Settings\Ed\Desktop\aswMBR.txt"

Working on ComboFix now (have to uninstall AVG)

Update ... well had issues with ComboFix ... it appeared to run ... but no report. the folder on the C: drive is kindaa odd. Will try again tomorrow.

 

[Mister Ed]

I guess I did not wait long enough for ComboFix ... here is the report:ComboFix 11-12-27.01 - Ed 12/27/2011 23:55:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.858 [GMT -5:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\$NtUninstallKB55273$\3024380845\@
c:\windows\$NtUninstallKB55273$\3024380845\bckfg.tmp
c:\windows\$NtUninstallKB55273$\3024380845\cfg.ini
c:\windows\$NtUninstallKB55273$\3024380845\Desktop.ini
c:\windows\$NtUninstallKB55273$\3024380845\keywords
c:\windows\$NtUninstallKB55273$\3024380845\kwrd.dll
c:\windows\$NtUninstallKB55273$\3024380845\L\nncriaou
c:\windows\$NtUninstallKB55273$\3024380845\lsflt7.ver
c:\windows\$NtUninstallKB55273$\3024380845\U\00000001.@
c:\windows\$NtUninstallKB55273$\3024380845\U\00000002.@
c:\windows\$NtUninstallKB55273$\3024380845\U\00000004.@
c:\windows\$NtUninstallKB55273$\3024380845\U\80000000.@
c:\windows\$NtUninstallKB55273$\3024380845\U\80000004.@
c:\windows\$NtUninstallKB55273$\3024380845\U\80000032.@
c:\windows\$NtUninstallKB55273$\853956447
c:\windows\$NtUninstallKB55273$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 02:20 . 2011-12-28 02:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-12-28 02:20 . 2011-12-28 02:54 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-12-28 02:20 . 2011-12-28 02:20 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-12-28 02:20 . 2011-12-28 02:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-12-28 02:20 . 2011-12-28 02:54 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-12-28 02:20 . 2011-12-28 04:33 -------- d-----w- c:\windows\system32\drivers\Avg
2011-12-28 02:06 . 2011-12-28 02:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-22 21:42 . 2011-12-22 21:42 -------- d-----w- c:\program files\AVG
2011-12-21 07:03 . 2011-12-21 07:03 -------- d-----w- C:\$AVG
2011-12-20 04:40 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Ed
2011-12-18 22:43 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Administrator.ED-NXAIBJWWPXN5
2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\Microsoft
2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\MSN Toolbar
2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP Photo Creations
2011-12-06 02:16 . 2011-12-06 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-06 02:16 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP
2011-12-01 05:13 . 2004-12-17 04:04 -------- d-----w- c:\program files\PDFReader(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 05:11 . 2011-07-15 02:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-03-21 01:45 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-07-16 20:40 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2003-07-16 20:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-03-21 00:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-12-28 2076512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA&inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA&prod=92&ver=9.0.914" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-12-28 02:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/27/2011 9:20 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2011 9:20 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2011 9:20 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/27/2011 9:53 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/27/2011 9:54 PM 308136]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/31/2010 5:32 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/31/2010 5:32 PM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2/4/2011 9:11 PM 16968]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MFARestart - c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\SYSTEM32\USRmlnkA.exe
c:\windows\SYSTEM32\USRshutA.exe
c:\windows\SYSTEM32\USRmlnkA.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2011-12-28 00:38:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 05:38
.
Pre-Run: 10,121,883,648 bytes free
Post-Run: 10,916,990,976 bytes free
.
- - End Of File - - D74DB97063CA256BF466E875964F5590

I am having trouble uninstalling AVG now. For this run I went to TaskMgr and ended the process for all of the AVG processes, before running ComboFix. Let me know if I need to somehow get it uninstalled (I even tried in SAFE Mode) and I will try again ... tomorrow.

 

[Broni]

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

============================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  

  :filefind
  mrxsmb.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[Mister Ed]

Not sure how this will paste ... but here goes:
1 VT Community user(s) with a total of 25238 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: mrxsmb.sys
Submission date: 2011-12-28 21:02:19 (UTC)
Current status: queued queued (#1) analysing finished


Result: 0/ 43 (0.0%)
VT Community

goodware
Safety score: 100.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.28 -
BitDefender 7.2 2011.12.28 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.28 -
Commtouch 5.3.2.6 2011.12.28 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.28 -
Emsisoft 5.1.0.11 2011.12.28 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9651 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.28 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22.324/22.610 2011.12.28 -
Ikarus T3.1.1.109.0 2011.12.28 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.28 -
McAfee 5.400.0.1158 2011.12.28 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.28 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.28 -
Prevx 3.0 2011.12.28 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.28 -
SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
Symantec 20111.2.0.82 2011.12.28 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11317 2011.12.28 -
ViRobot 2011.12.28.4851 2011.12.28 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional informationShow all
MD5 : 7d304a5eb4344ebeeab53a2fe3ffb9f0
SHA1 : 7290abe7a7acf998419d8ff3f2de79fafbced0a8
SHA256: db9b186f7076d7b94f45041af7b77c1ad2cab504d683b459c6cb1c22840ed170

And System Look
SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 28/12/2011 by Ed
Administrator - Elevation successful

========== filefind ==========

Searching for "mrxsmb.sys"
C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys --a---- 457472 bytes [06:18 14/04/2011] [13:19 17/02/2011] FB7DFD15D760AD339837A470F0E780D3
C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys --a---- 457856 bytes [19:58 16/06/2011] [16:47 29/04/2011] 8DD801E28EB76FDA2A38907882A0036F
C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [06:25 10/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys --a---- 455936 bytes [04:32 21/03/2009] [11:25 24/10/2008] D07DA410091143336DAE419A921AAE2B
C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys --a---- 455296 bytes [04:32 21/03/2009] [11:21 24/10/2008] 60AE98742484E7AB80C3C1450E708148
C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys --a---- 455936 bytes [04:32 21/03/2009] [11:41 24/10/2008] 7170AB42B51954DEF2781A4D1CCE65F4
C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys --a---- 456832 bytes [22:37 09/02/2010] [17:25 04/12/2009] 602549D1E8A622E5746991F6C56B21CA
C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys --a---- 457216 bytes [21:57 14/04/2010] [11:57 24/02/2010] D09B9F0B9960DD41E73127B7814C115F
C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys -----c- 453632 bytes [20:36 21/03/2009] [11:10 24/10/2008] 6F2D483B97B395544E59749C47963C6A
C:\WINDOWS\Driver Cache\i386\mrxsmb.sys ------- 456320 bytes [04:32 21/03/2009] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys ------- 456576 bytes [01:44 21/03/2009] [19:17 13/04/2008] 68755F0FF16070178B54674FE5B847B0
C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3GDR\mrxsmb.sys --a---- 456320 bytes [05:37 28/12/2011] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3QFE\mrxsmb.sys --a---- 457856 bytes [05:37 28/12/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
C:\WINDOWS\system32\dllcache\mrxsmb.sys -----c- 456320 bytes [04:32 21/03/2009] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [20:34 16/07/2003] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0

-= EOF =-

 

[Broni]

Good.

Re-run aswMBR and Combofix.
Post new logs.

How is computer doing?

 

[Mister Ed]

I had nothing showing in the AVG log this morning (scheduled scan). I think ComboFix had a workout last night ... I think it restarted the computer 3 times. Still running 'sluggish' though.
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-28 19:09:49
-----------------------------
19:09:49.000 OS Version: Windows 5.1.2600 Service Pack 3
19:09:49.000 Number of processors: 1 586 0x209
19:09:49.000 ComputerName: ED-NXAIBJWWPXN5 UserName: Ed
19:09:50.500 Initialize success
19:10:02.390 AVAST engine defs: 11122801
19:10:21.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:10:21.250 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
19:10:21.296 Disk 0 MBR read successfully
19:10:21.296 Disk 0 MBR scan
19:10:21.375 Disk 0 Windows XP default MBR code
19:10:21.390 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
19:10:21.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
19:10:21.453 Disk 0 scanning sectors +78108030
19:10:21.593 Disk 0 scanning C:\WINDOWS\system32\drivers
19:11:25.765 Service scanning
19:11:29.468 Modules scanning
19:11:58.187 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:12:01.937 Disk 0 trace - called modules:
19:12:01.968 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
19:12:01.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89749ab8]
19:12:01.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8979bd98]
19:12:03.203 AVAST engine scan C:\WINDOWS
19:12:16.031 AVAST engine scan C:\WINDOWS\system32
19:19:57.015 AVAST engine scan C:\WINDOWS\system32\drivers
19:20:42.109 AVAST engine scan C:\Documents and Settings\Ed
19:29:07.562 AVAST engine scan C:\Documents and Settings\All Users
19:32:15.265 Scan finished successfully
19:40:31.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ed\Desktop\MBR.dat"
19:40:31.546 The log file has been saved successfully to "C:\Documents and Settings\Ed\Desktop\aswMBR2.txt"

Looks better than the last run. Will work on running ComboFix now ... if I can get AVG uninstalled!

 

[Broni]

When you're done with Combofix upload another file to VirusTotal:
C:\WINDOWS\System32\DLA\DLADResN.SYS

 

[Mister Ed]

Here is ComboFix, I did get a couple Rookit error pop-ups when it was running (like last night):
ComboFix 11-12-28.03 - Ed 12/28/2011 20:10:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.993 [GMT -5:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-28 02:06 . 2011-12-28 02:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-22 21:42 . 2011-12-22 21:42 -------- d-----w- c:\program files\AVG
2011-12-21 07:03 . 2011-12-21 07:03 -------- d-----w- C:\$AVG
2011-12-20 04:40 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Ed
2011-12-18 22:43 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Administrator.ED-NXAIBJWWPXN5
2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\Microsoft
2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\MSN Toolbar
2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP Photo Creations
2011-12-06 02:16 . 2011-12-06 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-06 02:16 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP
2011-12-01 05:13 . 2004-12-17 04:04 -------- d-----w- c:\program files\PDFReader(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 05:11 . 2011-07-15 02:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2010-08-31 22:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-03-21 01:45 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-07-16 20:40 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2003-07-16 20:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-03-21 00:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-28_05.22.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-29 01:07 . 2011-12-29 01:07 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
+ 2011-12-29 01:21 . 2011-12-29 01:21 53248 c:\windows\Temp\catchme.dll
- 2011-12-28 05:22 . 2011-12-28 05:22 53248 c:\windows\Temp\catchme.dll
+ 2009-03-21 03:09 . 2011-12-28 19:55 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-21 03:09 . 2011-12-18 04:35 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-21 03:09 . 2011-12-28 19:55 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA&inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA&prod=92&ver=9.0.914" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/31/2010 5:32 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/31/2010 5:32 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2/4/2011 9:11 PM 16968]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-28 20:24:06
ComboFix-quarantined-files.txt 2011-12-29 01:23
ComboFix2.txt 2011-12-28 05:38
.
Pre-Run: 10,847,215,616 bytes free
Post-Run: 10,919,124,992 bytes free
.
- - End Of File - - 7811454A71D9D690C18C520B4259A860

 

[Broni]

Make sure you read my previous reply.

 

[Mister Ed]

Virus Total:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: DLADResN.SYS
Submission date: 2011-12-29 01:52:55 (UTC)
Current status: queued (#1) queued (#1) analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.59 2011.12.28 -
Antiy-AVL 2.0.3.7 2011.12.28 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.29 -
BitDefender 7.2 2011.12.29 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.28 -
ClamAV 0.97.3.0 2011.12.29 -
Commtouch 5.3.2.6 2011.12.29 -
Comodo 11122 2011.12.28 -
DrWeb 5.0.2.03300 2011.12.29 -
Emsisoft 5.1.0.11 2011.12.29 -
eSafe 7.0.17.0 2011.12.25 -
eTrust-Vet 37.0.9651 2011.12.28 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.29 -
Fortinet 4.3.388.0 2011.12.28 -
GData 22 2011.12.29 -
Ikarus T3.1.1.109.0 2011.12.29 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.29 -
McAfee 5.400.0.1158 2011.12.29 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.28 -
NOD32 6750 2011.12.29 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-28.01 2011.12.28 -
Panda 10.0.3.5 2011.12.28 -
PCTools 8.0.0.5 2011.12.29 -
Prevx 3.0 2011.12.29 -
Rising 23.90.02.02 2011.12.28 -
Sophos 4.72.0 2011.12.29 -
SUPERAntiSpyware 4.40.0.1006 2011.12.28 -
Symantec 20111.2.0.82 2011.12.29 -
TheHacker 6.7.0.1.366 2011.12.27 -
TrendMicro 9.500.0.1008 2011.12.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.29 -
VBA32 3.12.16.4 2011.12.28 -
VIPRE 11318 2011.12.29 -
ViRobot 2011.12.28.4851 2011.12.29 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional informationShow all
MD5 : 7c4cdf8a684b63d7482e0bf7440dc3b5
SHA1 : e67ee7dda5cc5010112ed3e4535504fbfed6f1bc
SHA256: 5e693d6bd1190edf2d6742ac0dd78886f7d9713d427249331fb74ec4af86ee70

 

[Broni]

All looks good

How is computer doing?

You can reinstall AVG now.

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Mister Ed]

OTL TXT:
OTL logfile created on: 12/28/2011 9:16:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ed\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.25 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 55.73% Memory free
2.98 Gb Paging File | 2.54 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 1917 1917 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 10.05 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
Drive D: | 251.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ED-NXAIBJWWPXN5 | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
PRC - [2011/12/28 20:40:19 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/12/28 20:40:09 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/12/28 20:40:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/12/28 20:39:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2011/12/28 20:39:51 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/12/28 20:39:46 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/12/28 20:31:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/12/28 20:31:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/07/16 15:27:31 | 000,077,891 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\system32\usrmlnka.exe
PRC - [2003/07/16 15:27:31 | 000,069,700 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\system32\usrshuta.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- -- (PCToolsSSDMonitorSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/28 20:40:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/12/28 20:39:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/28 20:40:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/12/28 20:40:09 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/12/28 20:33:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/12/28 20:32:49 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/04 21:24:12 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/06/30 03:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/03/09 09:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2003/10/12 10:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 EE EF 8B CE C5 CC 01 [binary data]
IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/12/28 00:22:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-73586283-746137067-839522115-1008..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0DE531-0B77-487D-B443-F8C892D9FD93}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 19:46:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/19 12:52:27 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 21:13:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
[2011/12/28 20:33:01 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/12/28 20:33:01 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/12/28 20:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 9.0
[2011/12/28 20:32:59 | 000,243,152 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/12/28 20:32:49 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/12/28 20:32:23 | 000,029,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/28 20:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2011/12/27 22:17:12 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
[2011/12/27 22:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\AVG9
[2011/12/27 20:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Sun
[2011/12/27 18:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/27 18:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/27 18:57:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/27 18:57:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/27 18:44:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 17:33:44 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
[2011/12/23 09:36:39 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe
[2011/12/22 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/21 23:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Apple
[2011/12/21 23:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Apple Computer
[2011/12/21 21:33:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ed\Recent
[2011/12/21 21:11:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Videos
[2011/12/21 21:11:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\Administrative Tools
[2011/12/21 21:11:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\Templates
[2011/12/21 21:11:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\PrintHood
[2011/12/21 21:08:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ed\Desktop\dds.scr
[2011/12/21 02:03:53 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/20 21:26:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\NetHood
[2011/12/20 18:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Malwarebytes
[2011/12/20 18:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Apple Computer
[2011/12/20 18:58:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\SendTo
[2011/12/20 18:58:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\Accessories
[2011/12/20 18:57:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Music
[2011/12/20 18:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Videos
[2011/12/20 18:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Temp
[2011/12/20 18:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Adobe
[2011/12/20 17:53:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Pictures
[2011/12/19 23:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Identities
[2011/12/19 23:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\2011 hunting trapping
[2011/12/19 23:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Downloaded Files
[2011/12/19 23:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Ed's Resume
[2011/12/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Family Tree
[2011/12/19 23:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\John
[2011/12/19 23:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Fishing Boat
[2011/12/19 23:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Karen Job
[2011/12/19 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\New Folder
[2011/12/19 23:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\New Folder (2)
[2011/12/19 23:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Snowmobile
[2011/12/19 23:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Stove, Saw, Engine
[2011/12/19 23:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Trapping
[2011/12/19 23:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Wind mill
[2011/12/19 23:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Macromedia
[2011/12/19 23:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Adobe
[2011/12/19 23:42:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\IECompatCache
[2011/12/19 23:41:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\PrivacIE
[2011/12/19 23:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Identities
[2011/12/19 23:40:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents
[2011/12/19 23:40:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\IETldCache
[2011/12/19 23:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Favorites
[2011/12/19 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\StartUp
[2011/12/19 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Desktop
[2011/12/19 23:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Microsoft
[2011/12/19 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Start Menu
[2011/12/19 23:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Microsoft
[2011/12/19 23:40:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\Cookies
[2011/12/19 23:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings
[2011/12/19 23:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data
[2011/12/18 16:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/05 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/12/05 21:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/12/05 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/12/05 21:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2011/12/05 21:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/12/05 21:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/01 00:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader(2)

========== Files - Modified Within 30 Days ==========

[2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
[2011/12/28 20:50:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 20:43:38 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 20:43:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 20:40:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/12/28 20:40:09 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/12/28 20:33:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/12/28 20:33:01 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2011/12/28 20:33:01 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/12/28 20:32:49 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/12/28 20:32:23 | 061,375,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/12/28 20:32:23 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/12/28 19:59:54 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
[2011/12/28 19:40:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\MBR.dat
[2011/12/28 16:31:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:31:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:17:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
[2011/12/28 14:55:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/28 00:22:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/27 23:16:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 17:33:44 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
[2011/12/27 17:19:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/23 09:36:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe
[2011/12/23 09:22:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/21 21:09:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\dds.scr
[2011/12/21 17:28:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
[2011/12/20 18:58:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/20 18:58:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/20 18:44:46 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 21:44:05 | 000,433,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/19 21:44:05 | 000,068,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/18 18:07:46 | 000,016,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
[2011/12/18 17:42:27 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/28 20:33:01 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2011/12/28 20:32:23 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2011/12/28 20:32:18 | 061,375,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/12/28 16:31:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:31:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:17:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
[2011/12/27 18:57:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/27 18:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/27 18:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/27 18:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/27 18:57:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/27 18:23:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\MBR.dat
[2011/12/22 05:29:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/21 17:28:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
[2011/12/20 18:58:25 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/20 18:58:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Internet Explorer.lnk
[2011/12/20 18:58:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/20 18:58:13 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Windows Media Player.lnk
[2011/12/20 18:58:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Outlook Express.lnk
[2011/12/20 18:44:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 23:51:17 | 001,815,498 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\haker-wall-clock.pdf
[2011/12/19 23:51:17 | 001,742,354 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\LP-95Catalog[1].pdf
[2011/12/19 23:51:17 | 000,313,175 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\villaware_food_strainer.pdf
[2011/12/18 17:42:27 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/18 15:51:42 | 000,016,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
[2011/07/08 01:14:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/02/28 21:29:53 | 000,233,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-746137067-839522115-1004-0.dat
[2011/02/28 21:29:52 | 000,105,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/04 21:11:32 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/21 19:07:25 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/31 14:01:38 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INIA
[2009/07/09 09:47:24 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/08 14:12:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/03/20 22:09:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/20 20:49:12 | 000,000,163 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2009/03/20 20:29:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/03/20 20:19:05 | 000,000,465 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2009/03/20 19:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 19:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/20 13:44:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/15 02:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy(2).sys
[2004/12/14 19:43:32 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\304740a6t017u215p041i7jpv2k3
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 15:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 15:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 15:41:25 | 000,433,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 15:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 15:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 15:41:21 | 000,068,076 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 15:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 15:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 15:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 15:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 15:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/02/24 22:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2004/12/16 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/28 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/12 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/12/14 06:03:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/04 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/12/20 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/30 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/03/29 21:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/30 17:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/27 22:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\AVG9

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/20 19:46:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/20 20:45:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/23 23:52:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2009/03/20 23:02:13 | 000,000,135 | ---- | M] () -- C:\cclog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/12/28 20:24:07 | 000,010,457 | ---- | M] () -- C:\ComboFix.txt
[2009/03/20 19:46:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/20 19:46:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/25 23:32:21 | 000,001,156 | ---- | M] () -- C:\ipconfig_all.txt
[2011/02/24 22:30:13 | 000,020,386 | ---- | M] () -- C:\JavaRa.log
[2009/03/20 19:46:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/03/20 20:42:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/21 15:39:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/28 20:43:16 | 2010,120,192 | -HS- | M] () -- C:\pagefile.sys
[2011/12/23 09:44:39 | 000,047,552 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_23.12.2011_09.38.20_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/03/20 19:46:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/03/20 13:42:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/03/20 13:42:54 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/03/20 13:42:54 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/21 15:44:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/12/20 18:58:24 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/12/20 18:58:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/27 17:33:44 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
[2011/12/28 19:59:54 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
[2011/12/21 17:28:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
[2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
[2011/12/28 16:17:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
[2011/12/23 09:36:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/12/20 18:58:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ed\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/28 21:13:30 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Ed\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/07/16 15:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/07/16 15:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/07/16 15:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/07/16 15:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

[Mister Ed]

OTL Extras:
OTL Extras logfile created on: 12/28/2011 9:16:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ed\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1.25 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 55.73% Memory free
2.98 Gb Paging File | 2.54 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 1917 1917 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 10.05 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
Drive D: | 251.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ED-NXAIBJWWPXN5 | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1B626AE0-EE88-4412-AAC0-FB21995A0C57}" = H&R Block Michigan 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2DFC6D71-EBEC-4236-A13C-2E62307F4C3A}" = H&R Block Michigan 2010
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Registry Mechanic_is1" = Registry Mechanic 10.0
"VVMapping-Michigan_is1" = VVMapping - Michigan GPS Maps v2.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 12:46:26 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 12:49:20 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 6:34:12 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 12/28/2011 8:34:06 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 12/28/2011 8:59:56 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 12/28/2011 9:06:04 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/28/2011 9:48:50 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%2

Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
Description = The Workstation service terminated with the following error: %%2

Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%2

Error - 12/28/2011 1:36:34 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
Description = The Workstation service terminated with the following error: %%2

Error - 12/28/2011 1:36:34 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%2

Error - 12/28/2011 1:36:35 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
Description = The Workstation service terminated with the following error: %%2

Error - 12/28/2011 1:36:35 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%2

Error - 12/28/2011 1:39:19 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
Description = The Workstation service terminated with the following error: %%2

Error - 12/28/2011 1:39:19 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%2

Error - 12/28/2011 8:21:06 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

 

[Mister Ed]

Here is the pop-up I am getting when I start IE:---------------------------
Internet Explorer - Search Provider Default
---------------------------
A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.
---------------------------
OK
---------------------------

And then, the "Manage add-ons pup-up appears".

I have set and reset my default search provider.

 

[Broni]

I have set and reset my default search provider.

Does it keep your settings now?

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Auto | Stopped] -- -- (PCToolsSSDMonitorSvc)
  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [2011/12/18 18:07:46 | 000,016,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
  [2004/12/14 19:43:32 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\304740a6t017u215p041i7jpv2k3
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Mister Ed]

Does it keep your settings now?

I should have explained better. The setting stays at Google ... but the message comes up whenever I open a new IE session. I changed the default and changed it back to Google ... same thing.

Will work on the other items tomorrow evening ... close to bed time now. ;-)

 

[Mister Ed]

Broni -
OLT will not run. I passte in the code you have (I have it all, double checked) I click on Run Fix and it starts up. The message at the bottom is 'killing all processes' ... but it stays just like that forever (I actually let it sit for over an hour). Also had 'Not Responding" in the title bar at the top of the OLT screen. I haad to power down the computer to get it to reboot.

 

[Broni]

Delete your OTL file, download new one, disable your AV program and try again.

 

[Mister Ed]

Same result.

 

[Broni]

Run the fix from Safe Mode.