TechSpot

Diesel350 · #1 09-02-2010

I have run every anti-virus/cleaner/malware/spyware program on my computer but when I am opening up any programs my computer is still running extremely slow. I suspect I still may have a virus/trojan hidden somewhere.

Broni · #2 09-02-2010

Welcome aboard

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Diesel350 · #3 09-02-2010

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000b9c

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7717000 pavboot.sys
0xF74A7000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF73F0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73D8000 atapi.sys
0xF789F000 aha154x.sys
0xF771F000 sparrow.sys
0xF78A3000 symc810.sys
0xF74B7000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF74C7000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF7727000 asc.sys
0xF78AF000 asc3550.sys
0xF772F000 mraid35x.sys
0xF7737000 i2omp.sys
0xF78B3000 ini910u.sys
0xF74D7000 ql1240.sys
0xF74E7000 aic78u2.sys
0xF773F000 symc8xx.sys
0xF7747000 sym_hi.sys
0xF774F000 sym_u3.sys
0xF7757000 ABP480N5.SYS
0xF775F000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF74F7000 ultra.sys
0xF73BF000 adpu160m.sys
0xF7767000 dpti2o.sys
0xF7507000 ql1080.sys
0xF7517000 ql1280.sys
0xF7527000 ql12160.sys
0xF776F000 perc2.sys
0xF7997000 perc2hib.sys
0xF7777000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7393000 dac2w2k.sys
0xF7537000 disk.sys
0xF7547000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7373000 fltmgr.sys
0xF7361000 sr.sys
0xF7557000 Lbd.sys
0xF7567000 PxHelp20.sys
0xF734A000 KSecDD.sys
0xF72BD000 Ntfs.sys
0xF7290000 NDIS.sys
0xF7577000 sisagp.sys
0xF7587000 viaagp.sys
0xF777F000 nv_agp.sys
0xF7276000 Mup.sys
0xF7597000 agp440.sys
0xF75A7000 alim1541.sys
0xF75B7000 amdagp.sys
0xF75C7000 agpCPQ.sys
0xF7236000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF784F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF7121000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7857000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF710F000 \SystemRoot\system32\DRIVERS\NVENET.sys
0xF7226000 \SystemRoot\system32\drivers\nvax.sys
0xF70D9000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF70B6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6FB7000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6F0F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF785F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7216000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7206000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF71F6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF797B000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6B3F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6B2B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF71E6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7867000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF786F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AE1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF71D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF71B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A74000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7607000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7617000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7877000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6A63000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7627000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF787F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7887000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7637000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6A05000 \SystemRoot\system32\DRIVERS\update.sys
0xF71A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7647000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7657000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7161000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79B9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B2D000 \SystemRoot\System32\Drivers\Null.SYS
0xF79BB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7797000 \SystemRoot\System32\drivers\vga.sys
0xF79BD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF581B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF57C2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF57A9000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF5781000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7155000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF575F000 \SystemRoot\System32\drivers\afd.sys
0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF5671000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF5646000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF55D6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77B7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77C7000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF5535000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF7947000 \SystemRoot\system32\drivers\hpfxbulk.sys
0xF77D7000 \SystemRoot\system32\drivers\HPFXGEN.SYS
0xF7266000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF794B000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0xF794F000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6B0B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6AEB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF69E9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF781F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B40000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB9CEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9573000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9638000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB966C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB942C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB8F63000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
600 csrss.exe
624 C:\WINDOWS\system32\winlogon.exe
668 C:\WINDOWS\system32\services.exe
680 C:\WINDOWS\system32\lsass.exe
836 C:\WINDOWS\system32\svchost.exe
940 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1292 svchost.exe
1600 C:\WINDOWS\system32\spoolsv.exe
1784 C:\WINDOWS\explorer.exe
1888 C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
396 svchost.exe
440 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
456 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
500 C:\Program Files\Java\jre6\bin\jqs.exe
560 C:\WINDOWS\system32\HPZipm12.exe
128 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1040 C:\WINDOWS\system32\svchost.exe
1132 wdfmgr.exe
1208 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1652 C:\Program Files\AVG\AVG8\avgrsx.exe
1896 C:\WINDOWS\SOUNDMAN.EXE
1968 C:\WINDOWS\system32\sstray.exe
1936 C:\WINDOWS\zHotkey.exe
176 C:\Program Files\Digital Media Reader\shwiconEM.exe
188 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
196 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
1732 C:\PROGRA~1\AVG\AVG8\avgtray.exe
2140 alg.exe
2436 C:\Program Files\Mozilla Firefox\firefox.exe
2656 wmiprvse.exe
3680 C:\Program Files\Mozilla Firefox\plugin-container.exe
260 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
1440 C:\WINDOWS\system32\msiexec.exe
3960 C:\Documents and Settings\Tito Flaque\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 304A9F057B00D1A4CC32B9CE350DCE5B41B70AA7

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Diesel350 · #4 09-02-2010

ComboFix 10-09-01.04 - Tito Flaque 09/02/2010 19:18:09.6.1 - x86
Running from: c:\documents and settings\Tito Flaque\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sstray.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-02 11:07 . 2010-09-02 11:08 -------- dc----w- C:\rsit
2010-08-31 10:51 . 2010-08-31 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-31 02:05 . 2010-08-31 02:05 63488 ----a-w- c:\documents and settings\Tito Flaque\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-31 02:05 . 2010-08-31 02:05 52224 ----a-w- c:\documents and settings\Tito Flaque\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-31 02:05 . 2010-08-31 02:05 117760 ----a-w- c:\documents and settings\Tito Flaque\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-31 02:04 . 2010-08-31 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-31 02:04 . 2010-08-31 02:04 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\SUPERAntiSpyware.com
2010-08-29 22:18 . 2010-08-29 22:18 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2010-08-27 21:44 . 2010-08-27 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-08-27 01:24 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-26 22:18 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-26 22:18 . 2010-08-26 22:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-26 21:57 . 2010-08-27 10:49 -------- d-----w- c:\program files\Yahoo!
2010-08-26 21:57 . 2010-08-26 21:57 -------- d-----w- c:\documents and settings\Tito Flaque\Local Settings\Application Data\Sunbelt Software
2010-08-26 21:56 . 2010-08-26 21:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-26 21:56 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-26 11:12 . 2010-08-26 11:12 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\MSNInstaller
2010-08-26 02:46 . 2010-09-02 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 02:21 . 2010-08-26 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-08-26 01:40 . 2010-08-26 02:23 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\IObit
2010-08-26 01:40 . 2010-08-26 01:40 -------- d-----w- c:\program files\IObit
2010-08-25 23:27 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-25 23:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-25 23:26 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-25 23:26 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-25 23:25 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-08-25 23:23 . 2010-08-25 23:23 61440 ----a-w- c:\documents and settings\Tito Flaque\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51efabff-n\decora-sse.dll
2010-08-25 23:23 . 2010-08-25 23:23 503808 ----a-w- c:\documents and settings\Tito Flaque\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-690d8d5e-n\msvcp71.dll
2010-08-25 23:23 . 2010-08-25 23:23 499712 ----a-w- c:\documents and settings\Tito Flaque\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-690d8d5e-n\jmc.dll
2010-08-25 23:23 . 2010-08-25 23:23 12800 ----a-w- c:\documents and settings\Tito Flaque\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51efabff-n\decora-d3d.dll
2010-08-25 23:23 . 2010-08-25 23:23 348160 ----a-w- c:\documents and settings\Tito Flaque\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-690d8d5e-n\msvcr71.dll
2010-08-25 23:23 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-25 23:22 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 23:16 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 23:14 . 2009-06-13 20:42 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-09-02 23:14 . 2009-06-13 20:42 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\TweakNow RegCleaner
2010-09-02 23:13 . 2008-07-07 21:06 -------- d-----w- c:\program files\Panda Security
2010-09-02 22:42 . 2009-03-24 11:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-02 11:08 . 2008-01-03 05:47 -------- d-----w- c:\program files\Trend Micro
2010-08-31 10:54 . 2008-01-17 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-31 02:01 . 2006-10-31 04:45 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\ImgBurn
2010-08-27 02:08 . 2009-05-09 15:12 -------- d-----w- c:\program files\Glary Utilities
2010-08-26 21:57 . 2006-12-04 15:44 -------- d--h--w- c:\documents and settings\Tito Flaque\Application Data\yahoo!
2010-08-26 21:57 . 2008-01-03 05:56 -------- d-----w- c:\program files\CCleaner
2010-08-26 11:05 . 2009-05-22 14:17 -------- d-----w- c:\documents and settings\Tito Flaque\Application Data\Malwarebytes
2010-08-26 00:45 . 2008-04-01 13:58 -------- d-----w- c:\program files\Citrix
2010-08-26 00:41 . 2004-10-07 14:41 -------- d-----w- c:\program files\BigFix
2010-08-25 23:21 . 2008-01-16 23:01 -------- d-----w- c:\program files\Java
2010-08-25 23:02 . 2008-06-05 12:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 23:02 . 2008-06-05 12:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 23:01 . 2008-01-05 01:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-30 12:31 . 2006-10-11 02:34 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-10-11 02:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-10-11 02:34 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-10-11 02:34 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-10-11 02:31 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-10-11 02:31 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-10-11 02:33 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-12 135168]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-26 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-25 23:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2007-10-23 00:47 360448 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 09:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/26/2010 6:18 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2008 8:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/1/2009 7:03 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 4:52 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/29/2008 2:17 AM 24652]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\TITOFL~1\LOCALS~1\Temp\SuperAntiSpyware\S ASDIFSV.SYS --> c:\docume~1\TITOFL~1\LOCALS~1\Temp\SuperAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\TITOFL~1\LOCALS~1\Temp\SuperAntiSpyware\S ASKUTIL.SYS --> c:\docume~1\TITOFL~1\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 Second Backup Service;Second Backup Service;c:\program files\Second Backup\SecondBackup.exe [12/27/2007 1:22 AM 1744896]
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 22:47]

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-09-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-09 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pandasoftware.com/activescan/activescan/navegador.asp?IdLang=2&Idvendor=17490&Idpais=63
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
FF - ProfilePath - c:\documents and settings\Tito Flaque\Application Data\Mozilla\Firefox\Profiles\omxp4o59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.usatoday.com
FF - plugin: c:\documents and settings\Tito Flaque\Application Data\Mozilla\Firefox\Profiles\omxp4o59.default\extensions\moveplayer@movene tworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-09-02 19:29:18
ComboFix-quarantined-files.txt 2010-09-02 23:29
ComboFix2.txt 2009-01-25 03:27
ComboFix3.txt 2008-07-11 14:06

Pre-Run: 44,948,844,544 bytes free
Post-Run: 45,234,257,920 bytes free

- - End Of File - - 63655F44E6248D555A37622055E47E65

Broni · #5 09-02-2010

MBR seems to be infected...

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.

Diesel350 · #6 09-03-2010

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000b9c

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF73F0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73D8000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF74B7000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF74C7000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF74D7000 ql1240.sys
0xF74E7000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF74F7000 ultra.sys
0xF73BF000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7507000 ql1080.sys
0xF7517000 ql1280.sys
0xF7527000 ql12160.sys
0xF7767000 perc2.sys
0xF7997000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7393000 dac2w2k.sys
0xF7537000 disk.sys
0xF7547000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7373000 fltmgr.sys
0xF7361000 sr.sys
0xF7557000 Lbd.sys
0xF7567000 PxHelp20.sys
0xF734A000 KSecDD.sys
0xF72BD000 Ntfs.sys
0xF7290000 NDIS.sys
0xF7577000 sisagp.sys
0xF7587000 viaagp.sys
0xF7777000 nv_agp.sys
0xF7276000 Mup.sys
0xF7597000 agp440.sys
0xF75A7000 alim1541.sys
0xF75B7000 amdagp.sys
0xF75C7000 agpCPQ.sys
0xF7216000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF785F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6D85000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7867000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6D73000 \SystemRoot\system32\DRIVERS\NVENET.sys
0xF7206000 \SystemRoot\system32\drivers\nvax.sys
0xF6D3D000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6D1A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6C1B000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6B73000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF786F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF71F6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF71E6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF71D6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF797B000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF67A3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF678F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7607000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7877000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF787F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7ADD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7617000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF71B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6778000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7627000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7637000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7887000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6767000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7647000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF788F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7657000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6709000 \SystemRoot\system32\DRIVERS\update.sys
0xF71A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7667000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7677000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF715D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B2D000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF779F000 \SystemRoot\System32\drivers\vga.sys
0xF79B9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77A7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7155000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF551F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF54C6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF54AD000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF5485000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7151000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF543B000 \SystemRoot\System32\drivers\afd.sys
0xF6E39000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF5370000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5300000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6E09000 \SystemRoot\System32\Drivers\Fips.SYS
0xF52DA000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77C7000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF5239000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF794B000 \SystemRoot\system32\drivers\hpfxbulk.sys
0xF77D7000 \SystemRoot\system32\drivers\HPFXGEN.SYS
0xF6DB9000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF794F000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0xF7953000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF76B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF76E7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF66E5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7817000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B5C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA5EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E4B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9F38000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB9EB8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9C3C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9773000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
600 csrss.exe
624 C:\WINDOWS\system32\winlogon.exe
668 C:\WINDOWS\system32\services.exe
680 C:\WINDOWS\system32\lsass.exe
828 C:\WINDOWS\system32\svchost.exe
940 svchost.exe
1052 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1300 svchost.exe
1360 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1628 C:\WINDOWS\explorer.exe
1664 C:\WINDOWS\system32\spoolsv.exe
400 svchost.exe
440 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
452 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
512 C:\Program Files\Java\jre6\bin\jqs.exe
644 C:\WINDOWS\system32\HPZipm12.exe
856 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
996 C:\WINDOWS\system32\svchost.exe
1116 wdfmgr.exe
1208 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1484 C:\Program Files\AVG\AVG8\avgrsx.exe
1504 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
1812 C:\WINDOWS\SOUNDMAN.EXE
1828 C:\WINDOWS\zHotkey.exe
1900 C:\Program Files\Digital Media Reader\shwiconEM.exe
1792 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
1924 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
1960 C:\PROGRA~1\AVG\AVG8\avgtray.exe
1660 unsecapp.exe
1720 wmiprvse.exe
2060 C:\Program Files\Mozilla Firefox\firefox.exe
2360 alg.exe
2816 wmiprvse.exe
3616 C:\Program Files\Mozilla Firefox\plugin-container.exe
4052 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3864 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
1020 C:\Documents and Settings\Tito Flaque\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 304A9F057B00D1A4CC32B9CE350DCE5B41B70AA7

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!

Diesel350 · #7 09-03-2010

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000b9c

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF73F0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73D8000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF74B7000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF74C7000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF74D7000 ql1240.sys
0xF74E7000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF74F7000 ultra.sys
0xF73BF000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7507000 ql1080.sys
0xF7517000 ql1280.sys
0xF7527000 ql12160.sys
0xF7767000 perc2.sys
0xF7997000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7393000 dac2w2k.sys
0xF7537000 disk.sys
0xF7547000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7373000 fltmgr.sys
0xF7361000 sr.sys
0xF7557000 Lbd.sys
0xF7567000 PxHelp20.sys
0xF734A000 KSecDD.sys
0xF72BD000 Ntfs.sys
0xF7290000 NDIS.sys
0xF7577000 sisagp.sys
0xF7587000 viaagp.sys
0xF7777000 nv_agp.sys
0xF7276000 Mup.sys
0xF7597000 agp440.sys
0xF75A7000 alim1541.sys
0xF75B7000 amdagp.sys
0xF75C7000 agpCPQ.sys
0xF7206000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF7857000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF69A3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF785F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6991000 \SystemRoot\system32\DRIVERS\NVENET.sys
0xF71F6000 \SystemRoot\system32\drivers\nvax.sys
0xF695B000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6938000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6839000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6791000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7867000 \SystemRoot\System32\Drivers\Modem.SYS
0xF71E6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF71D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6A57000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7977000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF63C1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF63AD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6A47000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF786F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7877000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6A37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7983000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6396000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6A27000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6A17000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF787F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6385000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6A07000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7887000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF788F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF69F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6327000 \SystemRoot\system32\DRIVERS\update.sys
0xF71A6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF69E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF69D7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7165000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B40000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF779F000 \SystemRoot\System32\drivers\vga.sys
0xF79B9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77A7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF715D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF513D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF50E4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF50CB000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF50A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7159000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF5081000 \SystemRoot\System32\drivers\afd.sys
0xF7617000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4FB6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF4F1E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7647000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4EF8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77CF000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF4A0C000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7943000 \SystemRoot\system32\drivers\hpfxbulk.sys
0xF77DF000 \SystemRoot\system32\drivers\HPFXGEN.SYS
0xF76A7000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF7947000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0xF794B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF76F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF630B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF781F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B50000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA5EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E4B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9F38000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB9EB4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9D04000 \SystemRoot\system32\DRIVERS\srv.sys
0xB983B000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
600 csrss.exe
624 C:\WINDOWS\system32\winlogon.exe
668 C:\WINDOWS\system32\services.exe
680 C:\WINDOWS\system32\lsass.exe
836 C:\WINDOWS\system32\svchost.exe
940 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1292 svchost.exe
1348 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1628 C:\WINDOWS\explorer.exe
1668 C:\WINDOWS\system32\spoolsv.exe
404 svchost.exe
444 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
456 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
496 C:\Program Files\Java\jre6\bin\jqs.exe
560 C:\WINDOWS\system32\HPZipm12.exe
592 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1012 C:\WINDOWS\system32\svchost.exe
1104 wdfmgr.exe
1256 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1588 C:\Program Files\AVG\AVG8\avgrsx.exe
1596 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
1952 C:\WINDOWS\SOUNDMAN.EXE
1996 C:\WINDOWS\zHotkey.exe
2012 C:\Program Files\Digital Media Reader\shwiconEM.exe
2024 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
2032 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
204 C:\PROGRA~1\AVG\AVG8\avgtray.exe
312 C:\WINDOWS\system32\wuauclt.exe
1368 unsecapp.exe
2180 wmiprvse.exe
2196 alg.exe
2680 wmiprvse.exe
2724 C:\Program Files\Mozilla Firefox\firefox.exe
3480 C:\Program Files\Mozilla Firefox\plugin-container.exe
4044 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1608 C:\Documents and Settings\Tito Flaque\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 304A9F057B00D1A4CC32B9CE350DCE5B41B70AA7

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Broni · #8 09-03-2010

Our fix didn't work, so we have to use different way....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

Diesel350 · #9 09-03-2010

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000b9c

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7438000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7427000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF7497000 MountMgr.sys
0xF7408000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF789B000 cpqarray.sys
0xF73F0000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73D8000 atapi.sys
0xF789F000 aha154x.sys
0xF7717000 sparrow.sys
0xF78A3000 symc810.sys
0xF74B7000 aic78xx.sys
0xF78A7000 dac960nt.sys
0xF74C7000 ql10wnt.sys
0xF78AB000 amsint.sys
0xF771F000 asc.sys
0xF78AF000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78B3000 ini910u.sys
0xF74D7000 ql1240.sys
0xF74E7000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF74F7000 ultra.sys
0xF73BF000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7507000 ql1080.sys
0xF7517000 ql1280.sys
0xF7527000 ql12160.sys
0xF7767000 perc2.sys
0xF7997000 perc2hib.sys
0xF776F000 hpn.sys
0xF78B7000 cbidf2k.sys
0xF7393000 dac2w2k.sys
0xF7537000 disk.sys
0xF7547000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7373000 fltmgr.sys
0xF7361000 sr.sys
0xF7557000 Lbd.sys
0xF7567000 PxHelp20.sys
0xF734A000 KSecDD.sys
0xF72BD000 Ntfs.sys
0xF7290000 NDIS.sys
0xF7577000 sisagp.sys
0xF7587000 viaagp.sys
0xF7777000 nv_agp.sys
0xF7276000 Mup.sys
0xF7597000 agp440.sys
0xF75A7000 alim1541.sys
0xF75B7000 amdagp.sys
0xF75C7000 agpCPQ.sys
0xF7206000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF7857000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6A40000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF785F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6A2E000 \SystemRoot\system32\DRIVERS\NVENET.sys
0xF71F6000 \SystemRoot\system32\drivers\nvax.sys
0xF69F8000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF69D5000 \SystemRoot\system32\DRIVERS\ks.sys
0xF68D6000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF682E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7867000 \SystemRoot\System32\Drivers\Modem.SYS
0xF71E6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF71D6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6AF4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7977000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF645E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF644A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6AE4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF786F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7877000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AE9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6AD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7983000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6433000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6AC4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6AB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF787F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6422000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6AA4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7887000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF788F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6A94000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF63C4000 \SystemRoot\system32\DRIVERS\update.sys
0xF71A6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A84000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6A74000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7161000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B38000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7797000 \SystemRoot\System32\drivers\vga.sys
0xF79B9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7159000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF51DA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5181000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5168000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF5140000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7155000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF50F6000 \SystemRoot\System32\drivers\afd.sys
0xF7617000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF502B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF4FBB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7647000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4F95000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77B7000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF4F44000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF7947000 \SystemRoot\system32\drivers\hpfxbulk.sys
0xF77CF000 \SystemRoot\system32\drivers\HPFXGEN.SYS
0xF7697000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF794B000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0xF794F000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF76F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF63A8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7817000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B45000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA5F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E4B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9F08000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB9EB4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9C3C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9863000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
528 C:\WINDOWS\system32\smss.exe
600 csrss.exe
624 C:\WINDOWS\system32\winlogon.exe
668 C:\WINDOWS\system32\services.exe
680 C:\WINDOWS\system32\lsass.exe
836 C:\WINDOWS\system32\svchost.exe
936 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1300 svchost.exe
1364 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1620 C:\WINDOWS\explorer.exe
1656 C:\WINDOWS\system32\spoolsv.exe
392 svchost.exe
436 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
448 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
508 C:\Program Files\Java\jre6\bin\jqs.exe
592 C:\WINDOWS\system32\HPZipm12.exe
808 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
844 C:\WINDOWS\system32\svchost.exe
1132 wdfmgr.exe
1208 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1512 C:\Program Files\AVG\AVG8\avgrsx.exe
1504 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
1608 C:\WINDOWS\SOUNDMAN.EXE
1908 C:\WINDOWS\zHotkey.exe
1900 C:\Program Files\Digital Media Reader\shwiconEM.exe
1952 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
1980 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
1988 C:\PROGRA~1\AVG\AVG8\avgtray.exe
904 C:\WINDOWS\system32\wuauclt.exe
596 unsecapp.exe
2280 alg.exe
2284 wmiprvse.exe
2688 C:\Program Files\Mozilla Firefox\firefox.exe
2772 wmiprvse.exe
3668 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
3696 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3756 C:\Documents and Settings\Tito Flaque\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Broni · #10 09-03-2010

Excellent!
Good job

Please, re-run Combofix and post fresh log.

Diesel350 · #11 09-04-2010

Attached .....

Broni · #12 09-04-2010

Please, uninstall TweakNow RegCleaner.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html

=========================================================================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

======================================================================

Combofix log looks good

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Diesel350 · #13 09-04-2010

Yes seems to be running better.

OTL Extras logfile created on: 9/4/2010 6:56:53 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Tito Flaque\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 42.10 Gb Free Space | 56.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TITO
Current User Name: Tito Flaque
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Backup This Folder] -- C:\Program Files\Second Backup\SecondBackup.exe %1..MBAUP (EPC)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*

isabled:Orb -- (Orb Networks)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01ADCC5D-45B4-45E4-AC5C-C06E044B16DF}" = hppIOFiles
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}" = Point
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EF45FEA-E3C1-4660-854A-810C1BA169E2}" = hppLJ3390
"{173D5E9E-8ABC-4EB2-B371-18AF8812A91D}" = hppFaxUtility
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44AFC504-45DA-4308-95B7-AA46AEF6AC79}" = Photo Uploader
"{4D82392D-AF90-4159-9A14-887BBC835191}" = hpp3390usg
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{663D8AAF-CB71-4056-8C60-1D85BC576C6E}" = hppTooCool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B677453-F9D2-4387-B030-E669B28B8A08}" = hppToolBoxFX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{993CD8D4-AED6-45E2-8AA5-D7DFAA60DE6F}" = hppScanTo
"{A0B42136-C813-4FB4-84A1-C41E6F12410B}" = hppSendFax
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A93185-26A8-4F02-B021-D6E6A4396441}" = hppManuals3390
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D5E31EEE-CD8A-4E01-87F1-119C4A3201FD}" = hppscan3390
"{DB7F1657-6164-40AE-8A94-8F785C0C3E3F}" = hppFaxDrv3390
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E94E150C-762B-4cd1-8A54-7228A07C0710}" = HP LaserJet 3050/3052/3055/3390/3392 2.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F2270CE2-0373-4D39-8783-2F1542B7D310}" = hpzTLBXFX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Auto_Files_Backup_System_2005.12" = Second Backup 9.8.15
"AVG8Uninstall" = AVG 8.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.2.0
"EOS Utility" = Canon Utilities EOS Utility
"Glary Utilities_is1" = Glary Utilities 2.27.0.982
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 6/30/2009 7:08:12 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 6/30/2009 7:09:05 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 6/30/2009 7:09:49 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 8/25/2010 7:10:37 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11500
Description = Product: Java(TM) 6 Update 21 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

Error - 8/25/2010 7:10:39 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11500
Description = Product: Java(TM) 6 Update 21 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

Error - 8/25/2010 7:10:42 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11500
Description = Product: Java(TM) 6 Update 21 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

Error - 8/25/2010 7:10:56 PM | Computer Name = TITO | Source = MsiInstaller | ID = 11500
Description = Product: Java(TM) 6 Update 21 -- Error 1500.Another installation is
in progress. You must complete that installation before continuing this one.

Error - 8/25/2010 7:15:45 PM | Computer Name = TITO | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909,
P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 8/25/2010 7:22:48 PM | Computer Name = TITO | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 8/26/2010 5:57:12 PM | Computer Name = TITO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 9/3/2010 6:55:59 AM | Computer Name = TITO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/3/2010 6:55:59 AM | Computer Name = TITO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SASDIFSV

Error - 9/3/2010 2:56:30 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/3/2010 2:56:30 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SASDIFSV

Error - 9/3/2010 8:24:29 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/3/2010 8:24:29 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SASDIFSV

Error - 9/4/2010 11:24:00 AM | Computer Name = TITO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/4/2010 11:24:00 AM | Computer Name = TITO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SASDIFSV

Error - 9/4/2010 6:53:38 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/4/2010 6:53:38 PM | Computer Name = TITO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl SASDIFSV

< End of report >

Diesel350 · #14 09-04-2010

OTL logfile created on: 9/4/2010 6:56:53 PM - Run 1

Broni · #15 09-04-2010

Good

Your computer would greatly benefit from adding another 512MB of RAM.

==========================================================================

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

======================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
[10 C:\Documents and Settings\Tito Flaque\My Documents\*.tmp files -> C:\Documents and Settings\Tito Flaque\My Documents\*.tmp -> ]
[2008/01/17 00:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/01/17 01:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/04 17:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/09 21:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tito Flaque\Application Data\Uniblue


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

Disable your active antivirus program.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Diesel350 · #16 09-04-2010

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Sep 04 22:34:46 2010

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Tito Flaque\Application Data\Sun\Java\jre1.6.0_04

Found and removed: C:\Documents and Settings\Tito Flaque\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Tito Flaque\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Tito Flaque\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Tito Flaque\Application Data\Sun\Java\jre1.6.0_14

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331 866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331 866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331 866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.142

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_07

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.6.0_04

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_07

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Sep 04 22:39:57 2010

------------------------------------

Finished reporting.

Diesel350 · #17 09-04-2010

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL0180.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL0356.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL0575.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL0803.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL1355.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL1393.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL1497.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL1905.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL3395.tmp deleted successfully.
C:\Documents and Settings\Tito Flaque\My Documents\~WRL3881.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\SITEguard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Tito Flaque\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\Tito Flaque\Application Data\Uniblue folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Nelly
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 7669160 bytes
->FireFox cache emptied: 17447955 bytes
->Flash cache emptied: 895 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Tito Flaque
->Temp folder emptied: 992147 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 136941 bytes
->FireFox cache emptied: 99338347 bytes
->Flash cache emptied: 5549 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 354 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2725118 bytes

Total Files Cleaned = 123.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: Nelly
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: Tito Flaque
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09042010_224228

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Diesel350 · #18 09-04-2010

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 [color=red]Out of date![/color]
[color=red]Error creating install.txt after 3 tries! Trying alternate method...[/color]
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 8.5
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
[color=red]Ad-Aware AAWService.exe is disabled![/color]
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
[color=red]Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)[/color]

``````````End of Log````````````

Broni · #19 09-05-2010

All good, so far

Diesel350 · #20 09-05-2010

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 5, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 05, 2010 13:23:41
Records in database: 4191893
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
L:\

Scan statistics:
Objects scanned: 90977
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 04:12:35

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\Agent.OMZ.Fix.exe.vir Infected: Worm.Win32.AutoRun.bdea 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.exe.vir Infected: Hoax.Win32.Renos.vcef 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP353\A0040322.exe Infected: Worm.Win32.AutoRun.bdea 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP353\A0040325.exe Infected: Hoax.Win32.Renos.vcef 1

Selected area has been scanned.

Similar Topics
Topic	Replies	Forum
Desktop icons don't load, programs run slowly	1	Virus and Malware Removal
Programs opening slow	4	Windows OS
Problems opening programs in Win XP	17	Virus and Malware Removal
Programs and files (rar and zip) open very slowly	1	Windows OS
Word (office xp) opening very slowly!	13	Software Apps

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

TechSpot

Programs opening up very slowly

Follow TechSpot

Subscribe to our Newsletter