TechSpot

Trojan horse Hider.OOW and AVG is white-listing the file

Solved
By Mister Ed
Dec 22, 2011
  1. I am getting the following - Trojan horse Hider.OOW in file C:\WINDOWS\system32\drivers\mrxsmb.sys and the result in AVG is "Object is white-listed (critical/system file that should not be removed)". Previously I had seen some issues with 'XP Antivirus 2012' ... I believe this is still some remnents. Also computer is being very sluggish ... with svchost.exe taking up most of the CPU ussage.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122202

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/22/2011 3:39:36 PM
    mbam-log-2011-12-22 (15-39-36).txt

    Scan type: Quick scan
    Objects scanned: 198489
    Time elapsed: 21 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER -Comes up with a completely blank log file ... I must have tried it 4 times ... same result.

    DDS logs -
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ed at 15:14:20 on 2011-12-22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.829 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA"&"inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA"&"prod=92"&"ver=9.0.914
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-31 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-31 22216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-26 136176]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-2-4 16968]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-22 04:26:35 -------- d-----w- c:\documents and settings\ed\local settings\application data\Apple
    2011-12-22 04:18:12 -------- d-----w- c:\documents and settings\ed\local settings\application data\Apple Computer
    2011-12-21 07:03:53 -------- d--h--w- C:\$AVG
    2011-12-20 23:59:14 -------- d-----w- c:\documents and settings\ed\application data\Malwarebytes
    2011-12-20 23:09:40 -------- d-----w- c:\documents and settings\ed\local settings\application data\Temp
    2011-12-20 23:09:40 -------- d-----w- c:\documents and settings\ed\local settings\application data\Adobe
    2011-12-20 04:56:09 -------- d-----w- c:\documents and settings\ed\local settings\application data\Identities
    2011-12-20 04:42:53 -------- d-sh--w- c:\documents and settings\ed\IECompatCache
    2011-12-20 04:41:24 -------- d-sh--w- c:\documents and settings\ed\PrivacIE
    2011-12-20 04:40:31 -------- d-sh--w- c:\documents and settings\ed\IETldCache
    2011-12-20 04:40:17 -------- d-----w- c:\documents and settings\ed\local settings\application data\Microsoft
    2011-12-06 02:18:27 -------- d-----w- c:\program files\Microsoft
    2011-12-06 02:18:21 -------- d-----w- c:\program files\MSN Toolbar
    2011-12-06 02:18:05 -------- d-----w- c:\program files\HP Photo Creations
    2011-12-06 02:18:05 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
    2011-12-06 02:16:50 -------- d-----w- c:\program files\HP
    2011-12-01 05:13:50 -------- d-----w- c:\program files\StartNow Toolbar
    2011-12-01 05:13:45 -------- d-----w- c:\program files\PDFReader(2)
    .
    ==================== Find3M ====================
    .
    2011-12-18 05:11:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 15:15:06.75 ===============
    And
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/20/2009 8:51:45 PM
    System Uptime: 12/22/2011 3:02:11 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 02Y832
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 9.685 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR GA311 Gigabit Adapter
    Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&1C660DD6&0&10F0
    Manufacturer: NETGEAR
    Name: NETGEAR GA311 Gigabit Adapter
    PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_311A1385&REV_10\4&1C660DD6&0&10F0
    Service: RTL8023
    .
    ==== System Restore Points ===================
    .
    RP1067: 12/20/2011 7:03:08 PM - Avg Update
    RP1068: 12/20/2011 7:13:14 PM - Avg Update
    RP1069: 12/20/2011 7:52:57 PM - Installed AVG 2012
    RP1070: 12/20/2011 7:53:59 PM - Removed AVG 9.0
    RP1071: 12/20/2011 9:48:59 PM - Installed AVG 9.0
    RP1072: 12/20/2011 11:09:46 PM - Avg Update
    RP1073: 12/20/2011 11:22:58 PM - Avg Update
    RP1074: 12/21/2011 9:51:38 AM - Avg Update
    RP1075: 12/21/2011 6:39:46 PM - Removed AVG 9.0
    RP1076: 12/21/2011 8:52:46 PM - Avg Update
    RP1077: 12/21/2011 8:57:34 PM - Avg Update
    RP1078: 12/22/2011 8:41:08 AM - Avg Update
    RP1079: 12/22/2011 2:58:15 PM - Removed AVG 9.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AVG 2012
    Bonjour
    CANON iMAGE GATEWAY MyCamera Download Plugin
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.10
    Canon Utilities EOS Sample Music
    Canon Utilities EOS Utility
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    DeductionPro 2009
    Dell Picture Studio - Dell Image Expert
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    H&R Block Deluxe + Efile + State 2009
    H&R Block Deluxe + Efile + State 2010
    H&R Block Michigan 2009
    H&R Block Michigan 2010
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    ieSpell
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ASP.NET Web Pages
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server System CLR Types
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Windows 2000/XP Display Drivers
    Paint Shop Pro 7
    PowerDVD
    Primo
    QuickTime
    Registry Mechanic 10.0
    Runtime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923789)
    Sonic UDF Reader
    Sony Picture Utility
    SoundMAX
    Uniblue SpeedUpMyPC
    Uniblue SystemTweaker
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB971029)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VVMapping - Michigan GPS Maps v2.0.0
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/22/2011 8:43:22 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
    12/21/2011 8:44:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG E-mail Scanner service to connect.
    12/21/2011 8:44:37 PM, error: Service Control Manager [7000] - The AVG E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/21/2011 8:33:01 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
    12/21/2011 7:09:42 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/21/2011 6:04:42 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/21/2011 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
    12/21/2011 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    12/20/2011 9:17:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
    12/20/2011 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
    12/20/2011 8:38:39 PM, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The system cannot find the path specified.
    12/20/2011 8:35:31 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    12/20/2011 6:25:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/20/2011 6:08:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    12/20/2011 11:50:14 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/20/2011 11:03:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/20/2011 11:00:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm OMCI
    12/19/2011 9:49:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2011 9:49:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2011 9:48:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/19/2011 9:37:24 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    .
    ==== End Of File ===========================

    Will be around yet tonight and first part of tomorrow ... then out of town for th eweekend,
     
  2. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    09:38:20.0218 1376 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    09:38:20.0875 1376 ============================================================
    09:38:20.0875 1376 Current date / time: 2011/12/23 09:38:20.0875
    09:38:20.0875 1376 SystemInfo:
    09:38:20.0875 1376
    09:38:20.0875 1376 OS Version: 5.1.2600 ServicePack: 3.0
    09:38:20.0875 1376 Product type: Workstation
    09:38:20.0875 1376 ComputerName: ED-NXAIBJWWPXN5
    09:38:20.0875 1376 UserName: Ed
    09:38:20.0875 1376 Windows directory: C:\WINDOWS
    09:38:20.0875 1376 System windows directory: C:\WINDOWS
    09:38:20.0875 1376 Processor architecture: Intel x86
    09:38:20.0875 1376 Number of processors: 1
    09:38:20.0875 1376 Page size: 0x1000
    09:38:20.0875 1376 Boot type: Normal boot
    09:38:20.0875 1376 ============================================================
    09:38:23.0609 1376 Initialize success
    09:38:27.0484 3460 ============================================================
    09:38:27.0484 3460 Scan started
    09:38:27.0484 3460 Mode: Manual;
    09:38:27.0484 3460 ============================================================
    09:38:32.0000 3460 3c1807pd (f82ab4a2a26e172b929d27d60b637973) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
    09:38:34.0828 3460 3c1807pd - ok
    09:38:35.0140 3460 Abiosdsk - ok
    09:38:35.0343 3460 abp480n5 - ok
    09:38:35.0718 3460 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    09:38:35.0781 3460 ACPI - ok
    09:38:36.0140 3460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    09:38:36.0156 3460 ACPIEC - ok
    09:38:36.0437 3460 adpu160m - ok
    09:38:36.0687 3460 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    09:38:36.0687 3460 aeaudio - ok
    09:38:37.0500 3460 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    09:38:37.0687 3460 aec - ok
    09:38:38.0890 3460 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    09:38:39.0437 3460 AFD - ok
    09:38:40.0390 3460 AFGMp50 - ok
    09:38:41.0203 3460 AFGSp50 - ok
    09:38:42.0156 3460 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    09:38:42.0281 3460 agp440 - ok
    09:38:43.0078 3460 Aha154x - ok
    09:38:43.0656 3460 aic78u2 - ok
    09:38:43.0859 3460 aic78xx - ok
    09:38:44.0062 3460 AliIde - ok
    09:38:44.0296 3460 amsint - ok
    09:38:44.0500 3460 asc - ok
    09:38:44.0687 3460 asc3350p - ok
    09:38:44.0890 3460 asc3550 - ok
    09:38:45.0312 3460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    09:38:48.0718 3460 AsyncMac - ok
    09:38:49.0171 3460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    09:38:49.0171 3460 atapi - ok
    09:38:49.0500 3460 Atdisk - ok
    09:38:49.0765 3460 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    09:38:52.0843 3460 Atmarpc - ok
    09:38:53.0250 3460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    09:38:53.0250 3460 audstub - ok
    09:38:53.0843 3460 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
    09:38:53.0921 3460 AvgLdx86 - ok
    09:38:54.0437 3460 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
    09:38:54.0468 3460 AvgMfx86 - ok
    09:38:54.0875 3460 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
    09:38:54.0890 3460 AvgRkx86 - ok
    09:38:55.0531 3460 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
    09:38:55.0609 3460 AvgTdiX - ok
    09:38:56.0078 3460 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    09:38:56.0093 3460 Beep - ok
    09:38:56.0546 3460 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    09:38:56.0578 3460 BVRPMPR5 - ok
    09:38:57.0031 3460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    09:38:57.0031 3460 cbidf2k - ok
    09:38:57.0421 3460 cd20xrnt - ok
    09:38:57.0671 3460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    09:38:57.0687 3460 Cdaudio - ok
    09:38:58.0031 3460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    09:38:58.0062 3460 Cdfs - ok
    09:38:58.0484 3460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    09:38:58.0515 3460 Cdrom - ok
    09:38:58.0765 3460 Changer - ok
    09:38:58.0984 3460 CmdIde - ok
    09:38:59.0265 3460 Cpqarray - ok
    09:38:59.0468 3460 dac2w2k - ok
    09:38:59.0656 3460 dac960nt - ok
    09:38:59.0921 3460 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    09:38:59.0937 3460 Disk - ok
    09:39:00.0328 3460 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    09:39:00.0343 3460 DLABOIOM - ok
    09:39:00.0671 3460 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    09:39:00.0687 3460 DLACDBHM - ok
    09:39:00.0906 3460 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
    09:39:00.0906 3460 DLADResN - ok
    09:39:01.0296 3460 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    09:39:01.0343 3460 DLAIFS_M - ok
    09:39:01.0656 3460 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    09:39:01.0671 3460 DLAOPIOM - ok
    09:39:01.0953 3460 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    09:39:01.0968 3460 DLAPoolM - ok
    09:39:02.0359 3460 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    09:39:02.0375 3460 DLARTL_N - ok
    09:39:02.0703 3460 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    09:39:02.0906 3460 DLAUDFAM - ok
    09:39:03.0406 3460 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    09:39:03.0453 3460 DLAUDF_M - ok
    09:39:04.0125 3460 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    09:39:08.0140 3460 dmboot - ok
    09:39:08.0656 3460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    09:39:12.0890 3460 dmio - ok
    09:39:13.0390 3460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    09:39:15.0031 3460 dmload - ok
    09:39:15.0656 3460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    09:39:15.0734 3460 DMusic - ok
    09:39:16.0046 3460 dpti2o - ok
    09:39:16.0390 3460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    09:39:16.0406 3460 drmkaud - ok
    09:39:16.0734 3460 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    09:39:16.0859 3460 DRVMCDB - ok
    09:39:17.0140 3460 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    09:39:17.0171 3460 DRVNDDM - ok
    09:39:17.0859 3460 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    09:39:18.0093 3460 E100B - ok
    09:39:18.0750 3460 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    09:39:18.0796 3460 Fastfat - ok
    09:39:19.0156 3460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    09:39:19.0171 3460 Fdc - ok
    09:39:19.0687 3460 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    09:39:19.0703 3460 Fips - ok
    09:39:20.0140 3460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    09:39:20.0187 3460 Flpydisk - ok
    09:39:20.0734 3460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    09:39:20.0781 3460 FltMgr - ok
    09:39:21.0156 3460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    09:39:22.0078 3460 Fs_Rec - ok
    09:39:22.0562 3460 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    09:39:22.0640 3460 Ftdisk - ok
    09:39:22.0968 3460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    09:39:23.0000 3460 GEARAspiWDM - ok
    09:39:23.0468 3460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    09:39:23.0484 3460 Gpc - ok
    09:39:23.0875 3460 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    09:39:23.0921 3460 hidusb - ok
    09:39:24.0453 3460 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
    09:39:24.0484 3460 hitmanpro35 - ok
    09:39:24.0796 3460 hpn - ok
    09:39:25.0140 3460 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    09:39:25.0328 3460 HTTP - ok
    09:39:25.0656 3460 i2omgmt - ok
    09:39:25.0859 3460 i2omp - ok
    09:39:26.0093 3460 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    09:39:26.0125 3460 i8042prt - ok
    09:39:26.0578 3460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    09:39:26.0593 3460 Imapi - ok
    09:39:26.0937 3460 ini910u - ok
    09:39:27.0125 3460 IntelIde - ok
    09:39:27.0546 3460 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    09:39:27.0562 3460 intelppm - ok
    09:39:27.0921 3460 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    09:39:29.0734 3460 ip6fw - ok
    09:39:30.0093 3460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:39:30.0125 3460 IpFilterDriver - ok
    09:39:30.0484 3460 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:39:30.0500 3460 IpInIp - ok
    09:39:30.0921 3460 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:39:30.0984 3460 IpNat - ok
    09:39:31.0421 3460 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:39:36.0093 3460 IPSec - ok
    09:39:36.0531 3460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:39:36.0531 3460 IRENUM - ok
    09:39:36.0828 3460 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:39:38.0578 3460 isapnp - ok
    09:39:39.0015 3460 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:39:39.0046 3460 Kbdclass - ok
    09:39:39.0546 3460 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    09:39:39.0609 3460 kmixer - ok
    09:39:39.0984 3460 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    09:39:40.0015 3460 KSecDD - ok
    09:39:40.0453 3460 lbrtfdc - ok
    09:39:40.0718 3460 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    09:39:40.0718 3460 MBAMProtector - ok
    09:39:40.0984 3460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    09:39:40.0984 3460 mnmdd - ok
    09:39:41.0250 3460 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    09:39:41.0265 3460 Modem - ok
    09:39:41.0718 3460 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:39:41.0718 3460 Mouclass - ok
    09:39:42.0046 3460 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:39:42.0046 3460 mouhid - ok
    09:39:42.0406 3460 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    09:39:42.0421 3460 MountMgr - ok
    09:39:42.0703 3460 mraid35x - ok
    09:39:43.0015 3460 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:39:43.0062 3460 MRxDAV - ok
    09:39:43.0718 3460 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:39:43.0906 3460 MRxSmb - ok
    09:39:44.0812 3460 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    09:39:45.0109 3460 Msfs - ok
    09:39:45.0609 3460 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:39:45.0687 3460 MSKSSRV - ok
    09:39:46.0140 3460 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:39:46.0203 3460 MSPCLOCK - ok
    09:39:46.0828 3460 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    09:39:46.0828 3460 MSPQM - ok
    09:39:47.0218 3460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:39:47.0296 3460 mssmbios - ok
    09:39:47.0796 3460 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    09:39:47.0906 3460 Mup - ok
    09:39:48.0343 3460 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    09:39:48.0796 3460 NDIS - ok
    09:39:49.0187 3460 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:39:49.0250 3460 NdisTapi - ok
    09:39:49.0890 3460 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:39:54.0125 3460 Ndisuio - ok
    09:39:54.0656 3460 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:39:54.0687 3460 NdisWan - ok
    09:39:55.0031 3460 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    09:39:55.0062 3460 NDProxy - ok
    09:39:55.0500 3460 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:39:55.0515 3460 NetBIOS - ok
    09:39:55.0968 3460 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:39:56.0015 3460 NetBT - ok
    09:39:56.0375 3460 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    09:39:56.0390 3460 Npfs - ok
    09:39:57.0078 3460 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    09:39:57.0406 3460 Ntfs - ok
    09:39:58.0203 3460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    09:39:58.0203 3460 Null - ok
    09:39:59.0046 3460 nv (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:39:59.0062 3460 nv - ok
    09:39:59.0484 3460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:39:59.0500 3460 NwlnkFlt - ok
    09:39:59.0875 3460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:39:59.0890 3460 NwlnkFwd - ok
    09:40:00.0140 3460 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    09:40:00.0156 3460 OMCI - ok
    09:40:00.0625 3460 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    09:40:00.0656 3460 Parport - ok
    09:40:01.0046 3460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    09:40:01.0046 3460 PartMgr - ok
    09:40:01.0390 3460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    09:40:01.0437 3460 ParVdm - ok
    09:40:01.0796 3460 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    09:40:01.0828 3460 PCI - ok
    09:40:02.0125 3460 PCIDump - ok
    09:40:02.0375 3460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:40:02.0390 3460 PCIIde - ok
    09:40:02.0781 3460 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:40:05.0531 3460 Pcmcia - ok
    09:40:05.0890 3460 PDCOMP - ok
    09:40:06.0078 3460 PDFRAME - ok
    09:40:06.0281 3460 PDRELI - ok
    09:40:06.0562 3460 PDRFRAME - ok
    09:40:06.0750 3460 perc2 - ok
    09:40:06.0937 3460 perc2hib - ok
    09:40:07.0234 3460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:40:10.0078 3460 PptpMiniport - ok
    09:40:10.0609 3460 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    09:40:10.0687 3460 Processor - ok
    09:40:11.0062 3460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    09:40:11.0093 3460 PSched - ok
    09:40:11.0421 3460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:40:11.0546 3460 Ptilink - ok
    09:40:11.0953 3460 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    09:40:11.0984 3460 PxHelp20 - ok
    09:40:12.0250 3460 ql1080 - ok
    09:40:12.0531 3460 Ql10wnt - ok
    09:40:12.0718 3460 ql12160 - ok
    09:40:12.0921 3460 ql1240 - ok
    09:40:13.0109 3460 ql1280 - ok
    09:40:13.0359 3460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:40:13.0359 3460 RasAcd - ok
    09:40:13.0703 3460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:40:13.0718 3460 Rasl2tp - ok
    09:40:14.0125 3460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:40:14.0140 3460 RasPppoe - ok
    09:40:14.0437 3460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:40:14.0531 3460 Raspti - ok
    09:40:14.0984 3460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:40:15.0046 3460 Rdbss - ok
    09:40:15.0359 3460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:40:15.0390 3460 RDPCDD - ok
    09:40:15.0937 3460 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    09:40:17.0843 3460 RDPWD - ok
    09:40:18.0312 3460 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:40:18.0359 3460 redbook - ok
    09:40:18.0890 3460 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    09:40:19.0078 3460 ROOTMODEM - ok
    09:40:19.0531 3460 RTL8023 (3dee06e12bac87168089040d3c86fbea) C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
    09:40:19.0562 3460 RTL8023 - ok
    09:40:19.0937 3460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:40:19.0937 3460 Secdrv - ok
    09:40:20.0171 3460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:40:20.0171 3460 serenum - ok
    09:40:20.0406 3460 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    09:40:20.0421 3460 Serial - ok
    09:40:20.0750 3460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:40:20.0750 3460 Sfloppy - ok
    09:40:20.0968 3460 Simbad - ok
    09:40:21.0390 3460 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
    09:40:21.0640 3460 smwdm - ok
    09:40:21.0937 3460 Sparrow - ok
    09:40:22.0187 3460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    09:40:22.0203 3460 splitter - ok
    09:40:22.0437 3460 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    09:40:22.0468 3460 sr - ok
    09:40:22.0906 3460 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    09:40:23.0031 3460 Srv - ok
    09:40:23.0375 3460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:40:23.0375 3460 swenum - ok
    09:40:23.0609 3460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    09:40:23.0640 3460 swmidi - ok
    09:40:23.0906 3460 sxuptp - ok
    09:40:24.0093 3460 symc810 - ok
    09:40:24.0296 3460 symc8xx - ok
    09:40:24.0484 3460 sym_hi - ok
    09:40:24.0671 3460 sym_u3 - ok
    09:40:24.0937 3460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    09:40:25.0406 3460 sysaudio - ok
    09:40:26.0015 3460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:40:26.0156 3460 Tcpip - ok
    09:40:26.0484 3460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:40:26.0484 3460 TDPIPE - ok
    09:40:26.0890 3460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    09:40:26.0906 3460 TDTCP - ok
    09:40:27.0296 3460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:40:27.0312 3460 TermDD - ok
    09:40:27.0640 3460 TosIde - ok
    09:40:27.0921 3460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    09:40:27.0937 3460 Udfs - ok
    09:40:28.0203 3460 ultra - ok
    09:40:28.0640 3460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    09:40:28.0781 3460 Update - ok
    09:40:29.0203 3460 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    09:40:29.0234 3460 USBAAPL - ok
    09:40:29.0750 3460 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    09:40:31.0531 3460 usbccgp - ok
    09:40:32.0750 3460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:40:33.0015 3460 usbehci - ok
    09:40:34.0046 3460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:40:34.0218 3460 usbhub - ok
    09:40:35.0265 3460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:40:35.0312 3460 usbprint - ok
    09:40:36.0156 3460 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:40:36.0218 3460 usbscan - ok
    09:40:36.0703 3460 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:40:36.0718 3460 USBSTOR - ok
    09:40:36.0937 3460 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:40:36.0937 3460 usbuhci - ok
    09:40:37.0218 3460 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
    09:40:37.0250 3460 USRpdA - ok
    09:40:37.0578 3460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    09:40:37.0578 3460 VgaSave - ok
    09:40:37.0875 3460 ViaIde - ok
    09:40:38.0171 3460 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    09:40:38.0187 3460 VolSnap - ok
    09:40:38.0515 3460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:40:38.0531 3460 Wanarp - ok
    09:40:38.0843 3460 WDICA - ok
    09:40:39.0109 3460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    09:40:39.0140 3460 wdmaud - ok
    09:40:39.0296 3460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    09:40:39.0578 3460 \Device\Harddisk0\DR0 - ok
    09:40:39.0578 3460 Boot (0x1200) (6c35032b15a67bbba1e0aa1a237ff28e) \Device\Harddisk0\DR0\Partition0
    09:40:39.0578 3460 \Device\Harddisk0\DR0\Partition0 - ok
    09:40:39.0593 3460 ============================================================
    09:40:39.0593 3460 Scan finished
    09:40:39.0593 3460 ============================================================
    09:40:39.0609 4812 Detected object count: 0
    09:40:39.0609 4812 Actual detected object count: 0
     
  4. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Boni - I will be leaving shortly, for the Holiday. Will be back Mon or Tues.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Have a nice trip :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Part #1-aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-27 17:49:26
    -----------------------------
    17:49:26.765 OS Version: Windows 5.1.2600 Service Pack 3
    17:49:26.765 Number of processors: 1 586 0x209
    17:49:26.765 ComputerName: ED-NXAIBJWWPXN5 UserName: Ed
    17:49:27.890 Initialize success
    18:02:13.187 AVAST engine defs: 11122702
    18:02:23.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    18:02:23.046 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
    18:02:23.156 Disk 0 MBR read successfully
    18:02:23.156 Disk 0 MBR scan
    18:02:23.437 Disk 0 Windows XP default MBR code
    18:02:23.515 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
    18:02:23.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
    18:02:23.765 Disk 0 scanning sectors +78108030
    18:02:24.562 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:03:01.796 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
    18:03:16.484 Service scanning
    18:03:19.343 Modules scanning
    18:03:27.453 Module: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys **SUSPICIOUS**
    18:03:36.406 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    18:03:38.484 Disk 0 trace - called modules:
    18:03:38.500 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8919ff10]<<
    18:03:38.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89746ab8]
    18:03:38.500 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x894ff030]
    18:03:38.500 \Driver\00002331[0x896a9768] -> IRP_MJ_CREATE -> 0x8919ff10
    18:03:39.875 AVAST engine scan C:\WINDOWS
    18:03:45.687 AVAST engine scan C:\WINDOWS\system32
    18:10:01.375 AVAST engine scan C:\WINDOWS\system32\drivers
    18:10:19.734 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot [Rtk]
    18:10:40.968 AVAST engine scan C:\Documents and Settings\Ed
    18:18:47.062 AVAST engine scan C:\Documents and Settings\All Users
    18:21:47.359 Scan finished successfully
    18:23:51.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ed\Desktop\MBR.dat"
    18:23:51.406 The log file has been saved successfully to "C:\Documents and Settings\Ed\Desktop\aswMBR.txt"

    Working on ComboFix now (have to uninstall AVG)


    Update ... well had issues with ComboFix ... it appeared to run ... but no report. the folder on the C: drive is kindaa odd. Will try again tomorrow.
     
  7. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    I guess I did not wait long enough for ComboFix ... here is the report:ComboFix 11-12-27.01 - Ed 12/27/2011 23:55:22.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.858 [GMT -5:00]
    Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
    c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\$NtUninstallKB55273$\3024380845\@
    c:\windows\$NtUninstallKB55273$\3024380845\bckfg.tmp
    c:\windows\$NtUninstallKB55273$\3024380845\cfg.ini
    c:\windows\$NtUninstallKB55273$\3024380845\Desktop.ini
    c:\windows\$NtUninstallKB55273$\3024380845\keywords
    c:\windows\$NtUninstallKB55273$\3024380845\kwrd.dll
    c:\windows\$NtUninstallKB55273$\3024380845\L\nncriaou
    c:\windows\$NtUninstallKB55273$\3024380845\lsflt7.ver
    c:\windows\$NtUninstallKB55273$\3024380845\U\00000001.@
    c:\windows\$NtUninstallKB55273$\3024380845\U\00000002.@
    c:\windows\$NtUninstallKB55273$\3024380845\U\00000004.@
    c:\windows\$NtUninstallKB55273$\3024380845\U\80000000.@
    c:\windows\$NtUninstallKB55273$\3024380845\U\80000004.@
    c:\windows\$NtUninstallKB55273$\3024380845\U\80000032.@
    c:\windows\$NtUninstallKB55273$\853956447
    c:\windows\$NtUninstallKB55273$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-28 02:20 . 2011-12-28 02:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2011-12-28 02:20 . 2011-12-28 02:54 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-12-28 02:20 . 2011-12-28 02:20 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-12-28 02:20 . 2011-12-28 02:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-12-28 02:20 . 2011-12-28 02:54 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2011-12-28 02:20 . 2011-12-28 04:33 -------- d-----w- c:\windows\system32\drivers\Avg
    2011-12-28 02:06 . 2011-12-28 02:06 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-22 21:42 . 2011-12-22 21:42 -------- d-----w- c:\program files\AVG
    2011-12-21 07:03 . 2011-12-21 07:03 -------- d-----w- C:\$AVG
    2011-12-20 04:40 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Ed
    2011-12-18 22:43 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Administrator.ED-NXAIBJWWPXN5
    2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\Microsoft
    2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\MSN Toolbar
    2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
    2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP Photo Creations
    2011-12-06 02:16 . 2011-12-06 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2011-12-06 02:16 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP
    2011-12-01 05:13 . 2004-12-17 04:04 -------- d-----w- c:\program files\PDFReader(2)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-18 05:11 . 2011-07-15 02:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2009-03-21 01:45 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2003-07-16 20:40 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2003-07-16 20:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-03-21 00:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-12-28 2076512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA&inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA&prod=92&ver=9.0.914" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2011-12-28 02:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    .
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/27/2011 9:20 PM 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2011 9:20 PM 216400]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2011 9:20 PM 243152]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/27/2011 9:53 PM 921952]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/27/2011 9:54 PM 308136]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/31/2010 5:32 PM 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/31/2010 5:32 PM 22216]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2/4/2011 9:11 PM 16968]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-MFARestart - c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-28 00:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2068)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\nvsvc32.exe
    c:\windows\SYSTEM32\USRmlnkA.exe
    c:\windows\SYSTEM32\USRshutA.exe
    c:\windows\SYSTEM32\USRmlnkA.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgam.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\taskmgr.exe
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-28 00:38:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-28 05:38
    .
    Pre-Run: 10,121,883,648 bytes free
    Post-Run: 10,916,990,976 bytes free
    .
    - - End Of File - - D74DB97063CA256BF466E875964F5590

    I am having trouble uninstalling AVG now. For this run I went to TaskMgr and ended the process for all of the AVG processes, before running ComboFix. Let me know if I need to somehow get it uninstalled (I even tried in SAFE Mode) and I will try again ... tomorrow.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ============================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      mrxsmb.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  9. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Not sure how this will paste ... but here goes:
    1 VT Community user(s) with a total of 25238 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: mrxsmb.sys
    Submission date: 2011-12-28 21:02:19 (UTC)
    Current status: queued queued (#1) analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    goodware
    Safety score: 100.0%
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.12.28.03 2011.12.28 -
    AntiVir 7.11.20.59 2011.12.28 -
    Antiy-AVL 2.0.3.7 2011.12.28 -
    Avast 6.0.1289.0 2011.12.28 -
    AVG 10.0.0.1190 2011.12.28 -
    BitDefender 7.2 2011.12.28 -
    ByteHero 1.0.0.1 2011.12.07 -
    CAT-QuickHeal 12.00 2011.12.28 -
    ClamAV 0.97.3.0 2011.12.28 -
    Commtouch 5.3.2.6 2011.12.28 -
    Comodo 11122 2011.12.28 -
    DrWeb 5.0.2.03300 2011.12.28 -
    Emsisoft 5.1.0.11 2011.12.28 -
    eSafe 7.0.17.0 2011.12.25 -
    eTrust-Vet 37.0.9651 2011.12.28 -
    F-Prot 4.6.5.141 2011.12.28 -
    F-Secure 9.0.16440.0 2011.12.28 -
    Fortinet 4.3.388.0 2011.12.28 -
    GData 22.324/22.610 2011.12.28 -
    Ikarus T3.1.1.109.0 2011.12.28 -
    Jiangmin 13.0.900 2011.12.28 -
    K7AntiVirus 9.120.5796 2011.12.28 -
    Kaspersky 9.0.0.837 2011.12.28 -
    McAfee 5.400.0.1158 2011.12.28 -
    McAfee-GW-Edition 2010.1E 2011.12.28 -
    Microsoft 1.7903 2011.12.28 -
    NOD32 6750 2011.12.28 -
    Norman 6.07.13 2011.12.28 -
    nProtect 2011-12-28.01 2011.12.28 -
    Panda 10.0.3.5 2011.12.28 -
    PCTools 8.0.0.5 2011.12.28 -
    Prevx 3.0 2011.12.28 -
    Rising 23.90.02.02 2011.12.28 -
    Sophos 4.72.0 2011.12.28 -
    SUPERAntiSpyware 4.40.0.1006 2011.12.27 -
    Symantec 20111.2.0.82 2011.12.28 -
    TheHacker 6.7.0.1.366 2011.12.27 -
    TrendMicro 9.500.0.1008 2011.12.28 -
    TrendMicro-HouseCall 9.500.0.1008 2011.12.28 -
    VBA32 3.12.16.4 2011.12.28 -
    VIPRE 11317 2011.12.28 -
    ViRobot 2011.12.28.4851 2011.12.28 -
    VirusBuster 14.1.138.0 2011.12.28 -
    Additional informationShow all
    MD5 : 7d304a5eb4344ebeeab53a2fe3ffb9f0
    SHA1 : 7290abe7a7acf998419d8ff3f2de79fafbced0a8
    SHA256: db9b186f7076d7b94f45041af7b77c1ad2cab504d683b459c6cb1c22840ed170

    And System Look
    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:19 on 28/12/2011 by Ed
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "mrxsmb.sys"
    C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys --a---- 457472 bytes [06:18 14/04/2011] [13:19 17/02/2011] FB7DFD15D760AD339837A470F0E780D3
    C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys --a---- 457856 bytes [19:58 16/06/2011] [16:47 29/04/2011] 8DD801E28EB76FDA2A38907882A0036F
    C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [06:25 10/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
    C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys --a---- 455936 bytes [04:32 21/03/2009] [11:25 24/10/2008] D07DA410091143336DAE419A921AAE2B
    C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys --a---- 455296 bytes [04:32 21/03/2009] [11:21 24/10/2008] 60AE98742484E7AB80C3C1450E708148
    C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys --a---- 455936 bytes [04:32 21/03/2009] [11:41 24/10/2008] 7170AB42B51954DEF2781A4D1CCE65F4
    C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys --a---- 456832 bytes [22:37 09/02/2010] [17:25 04/12/2009] 602549D1E8A622E5746991F6C56B21CA
    C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys --a---- 457216 bytes [21:57 14/04/2010] [11:57 24/02/2010] D09B9F0B9960DD41E73127B7814C115F
    C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys -----c- 453632 bytes [20:36 21/03/2009] [11:10 24/10/2008] 6F2D483B97B395544E59749C47963C6A
    C:\WINDOWS\Driver Cache\i386\mrxsmb.sys ------- 456320 bytes [04:32 21/03/2009] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys ------- 456576 bytes [01:44 21/03/2009] [19:17 13/04/2008] 68755F0FF16070178B54674FE5B847B0
    C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3GDR\mrxsmb.sys --a---- 456320 bytes [05:37 28/12/2011] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\SP3QFE\mrxsmb.sys --a---- 457856 bytes [05:37 28/12/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
    C:\WINDOWS\system32\dllcache\mrxsmb.sys -----c- 456320 bytes [04:32 21/03/2009] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [20:34 16/07/2003] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0

    -= EOF =-
     
  10. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Good.

    Re-run aswMBR and Combofix.
    Post new logs.

    How is computer doing?
     
  11. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    I had nothing showing in the AVG log this morning (scheduled scan). I think ComboFix had a workout last night ... I think it restarted the computer 3 times. Still running 'sluggish' though.
    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-28 19:09:49
    -----------------------------
    19:09:49.000 OS Version: Windows 5.1.2600 Service Pack 3
    19:09:49.000 Number of processors: 1 586 0x209
    19:09:49.000 ComputerName: ED-NXAIBJWWPXN5 UserName: Ed
    19:09:50.500 Initialize success
    19:10:02.390 AVAST engine defs: 11122801
    19:10:21.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:10:21.250 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
    19:10:21.296 Disk 0 MBR read successfully
    19:10:21.296 Disk 0 MBR scan
    19:10:21.375 Disk 0 Windows XP default MBR code
    19:10:21.390 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
    19:10:21.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
    19:10:21.453 Disk 0 scanning sectors +78108030
    19:10:21.593 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:11:25.765 Service scanning
    19:11:29.468 Modules scanning
    19:11:58.187 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    19:12:01.937 Disk 0 trace - called modules:
    19:12:01.968 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    19:12:01.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89749ab8]
    19:12:01.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8979bd98]
    19:12:03.203 AVAST engine scan C:\WINDOWS
    19:12:16.031 AVAST engine scan C:\WINDOWS\system32
    19:19:57.015 AVAST engine scan C:\WINDOWS\system32\drivers
    19:20:42.109 AVAST engine scan C:\Documents and Settings\Ed
    19:29:07.562 AVAST engine scan C:\Documents and Settings\All Users
    19:32:15.265 Scan finished successfully
    19:40:31.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ed\Desktop\MBR.dat"
    19:40:31.546 The log file has been saved successfully to "C:\Documents and Settings\Ed\Desktop\aswMBR2.txt"

    Looks better than the last run. Will work on running ComboFix now ... if I can get AVG uninstalled!
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    When you're done with Combofix upload another file to VirusTotal:
    C:\WINDOWS\System32\DLA\DLADResN.SYS
     
  13. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Here is ComboFix, I did get a couple Rookit error pop-ups when it was running (like last night):
    ComboFix 11-12-28.03 - Ed 12/28/2011 20:10:01.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.993 [GMT -5:00]
    Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-28 02:06 . 2011-12-28 02:06 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-22 21:42 . 2011-12-22 21:42 -------- d-----w- c:\program files\AVG
    2011-12-21 07:03 . 2011-12-21 07:03 -------- d-----w- C:\$AVG
    2011-12-20 04:40 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Ed
    2011-12-18 22:43 . 2011-12-28 02:07 -------- d-----w- c:\documents and settings\Administrator.ED-NXAIBJWWPXN5
    2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\Microsoft
    2011-12-06 02:18 . 2011-12-06 02:18 -------- d-----w- c:\program files\MSN Toolbar
    2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
    2011-12-06 02:18 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP Photo Creations
    2011-12-06 02:16 . 2011-12-06 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2011-12-06 02:16 . 2004-12-17 04:03 -------- d-----w- c:\program files\HP
    2011-12-01 05:13 . 2004-12-17 04:04 -------- d-----w- c:\program files\PDFReader(2)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-18 05:11 . 2011-07-15 02:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 20:24 . 2010-08-31 22:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-07-16 20:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2009-03-21 01:45 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2003-07-16 20:40 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2003-07-16 20:39 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2003-07-16 20:27 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-03-21 00:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-28_05.22.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-29 01:07 . 2011-12-29 01:07 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
    + 2011-12-29 01:21 . 2011-12-29 01:21 53248 c:\windows\Temp\catchme.dll
    - 2011-12-28 05:22 . 2011-12-28 05:22 53248 c:\windows\Temp\catchme.dll
    + 2009-03-21 03:09 . 2011-12-28 19:55 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2009-03-21 03:09 . 2011-12-18 04:35 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-03-21 03:09 . 2011-12-28 19:55 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA" [X]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAFoASgBTAEwAMwAtAFcATgBLAEwAUwAtADgAUgAwAEcAQQAtAEcAWQBTADAAQwAtADcAVwBDADMAOAA&inst=NwA2AC0AMQAwADAAMAA1ADEANwAxADcAMAAtAFAATAArADkALQBYAE8AMwA2ACsAMQAtAFUAUgAyADAAMQAxACsAMwAtAE4AMQBEACsAMQAtAEMASQBBADkAMAArADIALQBEAEQAVAArADMANwA0ADMAMAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQADkAMABNADEAMgBDACsAMQAtAFUAOQA1ACsAMQAtAFQAQgBOACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFUAKwAxAC0AUAA5ADAAVQAxACsAMQA&prod=92&ver=9.0.914" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/31/2010 5:32 PM 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/31/2010 5:32 PM 20464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2010 9:20 PM 136176]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2/4/2011 9:11 PM 16968]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-28 20:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-28 20:24:06
    ComboFix-quarantined-files.txt 2011-12-29 01:23
    ComboFix2.txt 2011-12-28 05:38
    .
    Pre-Run: 10,847,215,616 bytes free
    Post-Run: 10,919,124,992 bytes free
    .
    - - End Of File - - 7811454A71D9D690C18C520B4259A860
     
  14. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Make sure you read my previous reply.
     
  15. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Virus Total:
    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: DLADResN.SYS
    Submission date: 2011-12-29 01:52:55 (UTC)
    Current status: queued (#1) queued (#1) analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    not reviewed
    Safety score: -
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.12.28.03 2011.12.28 -
    AntiVir 7.11.20.59 2011.12.28 -
    Antiy-AVL 2.0.3.7 2011.12.28 -
    Avast 6.0.1289.0 2011.12.28 -
    AVG 10.0.0.1190 2011.12.29 -
    BitDefender 7.2 2011.12.29 -
    ByteHero 1.0.0.1 2011.12.07 -
    CAT-QuickHeal 12.00 2011.12.28 -
    ClamAV 0.97.3.0 2011.12.29 -
    Commtouch 5.3.2.6 2011.12.29 -
    Comodo 11122 2011.12.28 -
    DrWeb 5.0.2.03300 2011.12.29 -
    Emsisoft 5.1.0.11 2011.12.29 -
    eSafe 7.0.17.0 2011.12.25 -
    eTrust-Vet 37.0.9651 2011.12.28 -
    F-Prot 4.6.5.141 2011.12.28 -
    F-Secure 9.0.16440.0 2011.12.29 -
    Fortinet 4.3.388.0 2011.12.28 -
    GData 22 2011.12.29 -
    Ikarus T3.1.1.109.0 2011.12.29 -
    Jiangmin 13.0.900 2011.12.28 -
    K7AntiVirus 9.120.5796 2011.12.28 -
    Kaspersky 9.0.0.837 2011.12.29 -
    McAfee 5.400.0.1158 2011.12.29 -
    McAfee-GW-Edition 2010.1E 2011.12.28 -
    Microsoft 1.7903 2011.12.28 -
    NOD32 6750 2011.12.29 -
    Norman 6.07.13 2011.12.28 -
    nProtect 2011-12-28.01 2011.12.28 -
    Panda 10.0.3.5 2011.12.28 -
    PCTools 8.0.0.5 2011.12.29 -
    Prevx 3.0 2011.12.29 -
    Rising 23.90.02.02 2011.12.28 -
    Sophos 4.72.0 2011.12.29 -
    SUPERAntiSpyware 4.40.0.1006 2011.12.28 -
    Symantec 20111.2.0.82 2011.12.29 -
    TheHacker 6.7.0.1.366 2011.12.27 -
    TrendMicro 9.500.0.1008 2011.12.28 -
    TrendMicro-HouseCall 9.500.0.1008 2011.12.29 -
    VBA32 3.12.16.4 2011.12.28 -
    VIPRE 11318 2011.12.29 -
    ViRobot 2011.12.28.4851 2011.12.29 -
    VirusBuster 14.1.138.0 2011.12.28 -
    Additional informationShow all
    MD5 : 7c4cdf8a684b63d7482e0bf7440dc3b5
    SHA1 : e67ee7dda5cc5010112ed3e4535504fbfed6f1bc
    SHA256: 5e693d6bd1190edf2d6742ac0dd78886f7d9713d427249331fb74ec4af86ee70
     
  16. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    All looks good :)

    How is computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    OTL TXT:
    OTL logfile created on: 12/28/2011 9:16:04 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ed\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    1.25 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 55.73% Memory free
    2.98 Gb Paging File | 2.54 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 1917 1917 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 10.05 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
    Drive D: | 251.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ED-NXAIBJWWPXN5 | User Name: Ed | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
    PRC - [2011/12/28 20:40:19 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2011/12/28 20:40:09 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2011/12/28 20:40:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/12/28 20:39:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2011/12/28 20:39:51 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2011/12/28 20:39:46 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2011/12/28 20:31:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2011/12/28 20:31:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/06/13 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2003/07/16 15:27:31 | 000,077,891 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\system32\usrmlnka.exe
    PRC - [2003/07/16 15:27:31 | 000,069,700 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\system32\usrshuta.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
    SRV - File not found [Auto | Stopped] -- -- (PCToolsSSDMonitorSvc)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/12/28 20:40:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2011/12/28 20:39:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/28 20:40:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/12/28 20:40:09 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2011/12/28 20:33:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2011/12/28 20:32:49 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/02/04 21:24:12 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/06/30 03:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2004/03/09 09:58:06 | 000,329,088 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
    DRV - [2003/10/12 10:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 08:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 EE EF 8B CE C5 CC 01 [binary data]
    IE - HKU\S-1-5-21-73586283-746137067-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2011/12/28 00:22:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-73586283-746137067-839522115-1008..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-73586283-746137067-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A0DE531-0B77-487D-B443-F8C892D9FD93}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/20 19:46:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/02/19 12:52:27 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/28 21:13:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
    [2011/12/28 20:33:01 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/12/28 20:33:01 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/12/28 20:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 9.0
    [2011/12/28 20:32:59 | 000,243,152 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/12/28 20:32:49 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/12/28 20:32:23 | 000,029,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/12/28 20:32:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2011/12/27 22:17:12 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
    [2011/12/27 22:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\AVG9
    [2011/12/27 20:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Sun
    [2011/12/27 18:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/27 18:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/27 18:57:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/27 18:57:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/27 18:44:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/27 17:33:44 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
    [2011/12/23 09:36:39 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe
    [2011/12/22 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/12/21 23:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Apple
    [2011/12/21 23:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Apple Computer
    [2011/12/21 21:33:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ed\Recent
    [2011/12/21 21:11:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Videos
    [2011/12/21 21:11:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\Administrative Tools
    [2011/12/21 21:11:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\Templates
    [2011/12/21 21:11:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\PrintHood
    [2011/12/21 21:08:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ed\Desktop\dds.scr
    [2011/12/21 02:03:53 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/12/20 21:26:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\NetHood
    [2011/12/20 18:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Malwarebytes
    [2011/12/20 18:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Apple Computer
    [2011/12/20 18:58:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ed\SendTo
    [2011/12/20 18:58:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\Accessories
    [2011/12/20 18:57:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Music
    [2011/12/20 18:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Videos
    [2011/12/20 18:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Temp
    [2011/12/20 18:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Adobe
    [2011/12/20 17:53:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents\My Pictures
    [2011/12/19 23:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Identities
    [2011/12/19 23:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\2011 hunting trapping
    [2011/12/19 23:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Downloaded Files
    [2011/12/19 23:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Ed's Resume
    [2011/12/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Family Tree
    [2011/12/19 23:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\John
    [2011/12/19 23:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Fishing Boat
    [2011/12/19 23:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Karen Job
    [2011/12/19 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\New Folder
    [2011/12/19 23:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\New Folder (2)
    [2011/12/19 23:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Snowmobile
    [2011/12/19 23:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Stove, Saw, Engine
    [2011/12/19 23:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Trapping
    [2011/12/19 23:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\My Documents\Wind mill
    [2011/12/19 23:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Macromedia
    [2011/12/19 23:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Adobe
    [2011/12/19 23:42:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\IECompatCache
    [2011/12/19 23:41:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\PrivacIE
    [2011/12/19 23:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Identities
    [2011/12/19 23:40:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\My Documents
    [2011/12/19 23:40:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\IETldCache
    [2011/12/19 23:40:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ed\Favorites
    [2011/12/19 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Start Menu\Programs\StartUp
    [2011/12/19 23:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Desktop
    [2011/12/19 23:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Microsoft
    [2011/12/19 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Start Menu
    [2011/12/19 23:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Microsoft
    [2011/12/19 23:40:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ed\Cookies
    [2011/12/19 23:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings
    [2011/12/19 23:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data
    [2011/12/18 16:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/05 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/12/05 21:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2011/12/05 21:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
    [2011/12/05 21:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
    [2011/12/05 21:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
    [2011/12/05 21:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2011/12/01 00:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader(2)

    ========== Files - Modified Within 30 Days ==========

    [2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
    [2011/12/28 20:50:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/28 20:43:38 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/28 20:43:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/28 20:40:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/12/28 20:40:09 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/12/28 20:33:01 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/12/28 20:33:01 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2011/12/28 20:33:01 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/12/28 20:32:49 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/12/28 20:32:23 | 061,375,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/12/28 20:32:23 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/12/28 19:59:54 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
    [2011/12/28 19:40:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\MBR.dat
    [2011/12/28 16:31:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2011/12/28 16:31:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/28 16:17:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
    [2011/12/28 14:55:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/12/28 00:22:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/27 23:16:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 17:33:44 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
    [2011/12/27 17:19:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/23 09:36:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe
    [2011/12/23 09:22:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/21 21:09:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\dds.scr
    [2011/12/21 17:28:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
    [2011/12/20 18:58:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/12/20 18:58:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/12/20 18:44:46 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/19 21:44:05 | 000,433,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/19 21:44:05 | 000,068,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/18 18:07:46 | 000,016,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
    [2011/12/18 17:42:27 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/12/28 20:33:01 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
    [2011/12/28 20:32:23 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2011/12/28 20:32:18 | 061,375,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2011/12/28 16:31:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2011/12/28 16:31:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/28 16:17:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
    [2011/12/27 18:57:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/27 18:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/27 18:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/27 18:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/27 18:57:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/27 18:23:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\MBR.dat
    [2011/12/22 05:29:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/21 17:28:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
    [2011/12/20 18:58:25 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/12/20 18:58:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Internet Explorer.lnk
    [2011/12/20 18:58:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/12/20 18:58:13 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Windows Media Player.lnk
    [2011/12/20 18:58:06 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Outlook Express.lnk
    [2011/12/20 18:44:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/19 23:51:17 | 001,815,498 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\haker-wall-clock.pdf
    [2011/12/19 23:51:17 | 001,742,354 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\LP-95Catalog[1].pdf
    [2011/12/19 23:51:17 | 000,313,175 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\villaware_food_strainer.pdf
    [2011/12/18 17:42:27 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/18 15:51:42 | 000,016,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
    [2011/07/08 01:14:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/02/28 21:29:53 | 000,233,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-746137067-839522115-1004-0.dat
    [2011/02/28 21:29:52 | 000,105,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/02/04 21:11:32 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/12/21 19:07:25 | 000,018,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/31 14:01:38 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INIA
    [2009/07/09 09:47:24 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/07/08 14:12:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2009/03/20 22:09:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/03/20 20:49:12 | 000,000,163 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
    [2009/03/20 20:29:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2009/03/20 20:19:05 | 000,000,465 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
    [2009/03/20 19:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/03/20 19:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/03/20 13:44:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/12/15 02:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy(2).sys
    [2004/12/14 19:43:32 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\304740a6t017u215p041i7jpv2k3
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/07/16 15:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 15:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 15:41:25 | 000,433,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 15:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 15:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 15:41:21 | 000,068,076 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 15:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 15:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 15:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 15:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 15:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    ========== LOP Check ==========

    [2011/02/24 22:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2004/12/16 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/12/28 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/07/12 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
    [2010/12/14 06:03:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/02/04 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/12/20 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/03/30 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/03/29 21:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/09/30 17:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/12/27 22:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed\Application Data\AVG9

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/20 19:46:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/03/20 20:45:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/02/23 23:52:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2009/03/20 23:02:13 | 000,000,135 | ---- | M] () -- C:\cclog.txt
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/28 20:24:07 | 000,010,457 | ---- | M] () -- C:\ComboFix.txt
    [2009/03/20 19:46:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/03/20 19:46:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/25 23:32:21 | 000,001,156 | ---- | M] () -- C:\ipconfig_all.txt
    [2011/02/24 22:30:13 | 000,020,386 | ---- | M] () -- C:\JavaRa.log
    [2009/03/20 19:46:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/20 20:42:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/21 15:39:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/28 20:43:16 | 2010,120,192 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/23 09:44:39 | 000,047,552 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_23.12.2011_09.38.20_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/03/20 19:46:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/03/20 13:42:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/03/20 13:42:54 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/03/20 13:42:54 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/03/21 15:44:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/20 18:58:24 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/12/20 18:58:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/27 17:33:44 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ed\Desktop\aswMBR.exe
    [2011/12/28 19:59:54 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed\Desktop\ComboFix.exe
    [2011/12/21 17:28:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\md8hitcw.exe
    [2011/12/28 21:13:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
    [2011/12/28 16:17:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\SystemLook.exe
    [2011/12/23 09:36:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ed\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/12/20 18:58:24 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ed\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/28 21:13:30 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Ed\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 15:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 15:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 15:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 15:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  18. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    OTL Extras:
    OTL Extras logfile created on: 12/28/2011 9:16:04 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ed\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    1.25 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 55.73% Memory free
    2.98 Gb Paging File | 2.54 Gb Available in Paging File | 85.16% Paging File free
    Paging file location(s): C:\pagefile.sys 1917 1917 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 10.05 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
    Drive D: | 251.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ED-NXAIBJWWPXN5 | User Name: Ed | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
    "{1B626AE0-EE88-4412-AAC0-FB21995A0C57}" = H&R Block Michigan 2009
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2DFC6D71-EBEC-4236-A13C-2E62307F4C3A}" = H&R Block Michigan 2010
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG9Uninstall" = AVG 9.0
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DPP" = Canon Utilities Digital Photo Professional 3.10
    "EOS Sample Music" = Canon Utilities EOS Sample Music
    "EOS Utility" = Canon Utilities EOS Utility
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "VVMapping-Michigan_is1" = VVMapping - Michigan GPS Maps v2.0.0
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/28/2011 12:46:26 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 12:49:17 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 12:49:20 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 6:34:12 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 12/28/2011 8:34:06 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 12/28/2011 8:59:56 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 12/28/2011 9:06:04 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 12/28/2011 9:48:50 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    [ System Events ]
    Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%2

    Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
    Description = The Workstation service terminated with the following error: %%2

    Error - 12/28/2011 1:35:54 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%2

    Error - 12/28/2011 1:36:34 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
    Description = The Workstation service terminated with the following error: %%2

    Error - 12/28/2011 1:36:34 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%2

    Error - 12/28/2011 1:36:35 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
    Description = The Workstation service terminated with the following error: %%2

    Error - 12/28/2011 1:36:35 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%2

    Error - 12/28/2011 1:39:19 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7023
    Description = The Workstation service terminated with the following error: %%2

    Error - 12/28/2011 1:39:19 AM | Computer Name = ED-NXAIBJWWPXN5 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%2

    Error - 12/28/2011 8:21:06 PM | Computer Name = ED-NXAIBJWWPXN5 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.


    < End of report >
     
  19. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Here is the pop-up I am getting when I start IE:---------------------------
    Internet Explorer - Search Provider Default
    ---------------------------
    A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.
    ---------------------------
    OK
    ---------------------------

    And then, the "Manage add-ons pup-up appears".

    I have set and reset my default search provider.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Does it keep your settings now?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (PCToolsSSDMonitorSvc)
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/18 18:07:46 | 000,016,924 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iwsoqu7j4mhu4tjc5mlf2b630q1y
      [2004/12/14 19:43:32 | 000,001,398 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\304740a6t017u215p041i7jpv2k3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    I should have explained better. The setting stays at Google ... but the message comes up whenever I open a new IE session. I changed the default and changed it back to Google ... same thing.

    Will work on the other items tomorrow evening ... close to bed time now. ;-)
     
  22. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Broni -
    OLT will not run. I passte in the code you have (I have it all, double checked) I click on Run Fix and it starts up. The message at the bottom is 'killing all processes' ... but it stays just like that forever (I actually let it sit for over an hour). Also had 'Not Responding" in the title bar at the top of the OLT screen. I haad to power down the computer to get it to reboot.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Delete your OTL file, download new one, disable your AV program and try again.
     
  24. Mister Ed

    Mister Ed TS Rookie Topic Starter Posts: 70

    Same result.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,594   +267

    Run the fix from Safe Mode.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.