Solved My other computer is infected with the system check virus

[signofzeta]

I can't download any files for my desktop computer, and my laptop computer is in a cleaning process right now, so I can't do the preliminary steps with malwarebytes, GMER and DDS.

If I want to use a thumbdrive to get malwarebytes, GMER and DDS into my really infected machine from my less infected machine, does the infection spread into my thumbdrive and thus infect the cleaner machine?

What should I do?

 

[Broni]

Wait until your laptop is clean.

 

[signofzeta]

I might be able to get malwarebytes, GMER, and DDS from the school computers, and save it onto the thumb drive, as a temporary means before the laptop is clean, so give me instruction on how to run these programs on the infected desktop PC, because as I observe, I couldn't run any programs on my infected machine, so there must be a way to run those 3 programs differently. I don't think I could access the thumb drive even if I wanted to.

Of course, the cleanup procedure wouldn't be as fast, as I can only bring in a few of the programs that you would probably tell me to run, from school, I mean, download the programs from the school computer and save it to my 512MB thumbdrive, in which I hope that the downloads aren't that huge. It also means that I would probably be sending in a response once a day until my laptop is clean.

 

[signofzeta]

I now have malwarebytes installer, GMER and DDS on a thumbdrive, downloaded from a clean computer. How do I run these programs, knowing that the System Check Virus won't allow me to run them?

 

[Broni]

See if you can run any of them from safe mode.

 

[signofzeta]

In safe mode, the desktop shortcuts and everything in the start menu is missing, other than logoff and shutdown. When I ctrl alt del, the task manager is greyed out. Because of that, I don't think I can access anything in my hard drive, thumb drive, or any other drive.

What should I do?

 

[Broni]

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

 

[signofzeta]

Ok, I managed to run Malwarebytes, GMER and DDS so I will post those. What I did was changed the start menu to the classic view, and it at least gave me access to the thumb drive, so we'll just continue from there.

 

[signofzeta]

Malwarebytes

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.01

Windows XP Service Pack 2 x86 FAT32 (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Albert :: HP-DOWNSTAIRS [administrator]

27/02/2012 8:03:58 PM
mbam-log-2012-02-27 (20-03-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 307674
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAF53D4-11FE-482D-B516-B3103BC71F87} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[signofzeta]

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-27 20:17:52
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD3200JS-60PDB0 rev.21.00M21
Running: ws0k4td3.exe; Driver: C:\DOCUME~1\Albert\LOCALS~1\Temp\pwdyikog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- EOF - GMER 1.0.15 ----

 

[signofzeta]

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Run by Albert at 20:18:11 on 2012-02-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1641 [GMT -6:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A567C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE87C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899877C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B097C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E1A96C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898917C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F57DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8987E7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89371DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B0D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F48324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898147C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899A67C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897947C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898217C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897F97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BB57C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898677C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AAD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E149E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8998D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FFD684-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A767C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981C7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898467C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ADE7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899E07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898927C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E2FBD4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898627C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E11984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B2B7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898767C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8985F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {893BADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899457C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8913656C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898477C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A337C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8979B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8980A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {89C4852C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898367C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A6D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B037C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A529054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8993F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF47C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {FFDFF540-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8986D7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A17C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891A57DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {88DB51A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DDBC14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBF8FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A52B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD37C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ABF7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891149CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E6A6CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897E07C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E4BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F86C0C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898787C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9A7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898FF7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A917C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899897C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B927C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C77C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897CE7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897DA7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88CC793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1074CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A0C8514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B37C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898397C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899727C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898CF7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4F7C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897DB7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE8514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A57C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2F7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89706724-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898B57C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899787C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B97C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8988E7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899187C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B107C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1027C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A078344-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898AF7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897B07C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897E17C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2B7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898697C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898307C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BAB38540-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AB27C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898DC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D67C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E922EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898F47C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A427C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A357C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A457C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D47C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B047C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F74DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898187C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A7D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898057C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899717C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D11994-FFA4-00DE-0D24-347CA8A3377C}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8982B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A777C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE9C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A19C654-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C27C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898637C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89C71DA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898807C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A09C054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8934662C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B1A7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B77C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A257C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8990C7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000202-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897AC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A0D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898F97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B697C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EEE7AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898347C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8980B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE3344-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898727C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898DE7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ED754C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898987C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A345DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BBD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F2B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897B87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AA57C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A117C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897BC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898567C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F9B054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B367C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89374DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A00E5FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D75344-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A307C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898127C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898BE7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898EA7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A05635C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898547C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E546DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C37C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A597C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F6241C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A5F6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899137C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898157C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899EE790-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898047C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E72DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A023604-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBB614-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899757C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A8C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898ED7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8910D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898087C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {892EA054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88210DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EA4314-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898357C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898867C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {877B7DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898107C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC67C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A957C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8985B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898287C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898CC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8979E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8996E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899587C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8992A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898AC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88C664EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891C7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E3B30C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8989F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A547C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897917C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8994E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F7EC6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC17C4-FFA4-00EF-0D24-347CA8A3377C}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=4105
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet1.10\tools\BitCometBHO_1.3.3.2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [niEJngRwieOhYh.exe] c:\documents and settings\all users\application data\niEJngRwieOhYh.exe
mRunOnce: [Malwarebytes Anti-Malware] q:\anitvirus stuff\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\albert\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet1.10\BitComet.exe/AddAllLink.htm
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet1.10\tools\BitCometBHO_1.3.3.2.dll/206
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{93F73B16-8C5E-4EF5-B818-27602884AB72} : DhcpNameServer = 10.0.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\albert\application data\mozilla\firefox\profiles\mcoaaum2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-17 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-17 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-17 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-17 66616]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S2 MOUTRAP;MOUTRAP;c:\windows\system32\drivers\Moutrp2k.sys [2001-11-14 4868]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-11-19 16512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-10-9 392824]
.
=============== Created Last 30 ================
.
2012-02-28 01:55:07 -------- d-----w- c:\documents and settings\albert\application data\Malwarebytes
2012-02-27 03:36:37 355328 ---ha-w- c:\documents and settings\all users\application data\fmmJS5ZgPi2Fmg.exe
2012-02-27 03:34:00 450048 ---ha-w- c:\documents and settings\all users\application data\niEJngRwieOhYh.exe
2012-02-24 08:28:48 6552120 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1d385171-7538-48ad-86aa-fa72dac24688}\mpengine.dll
.
==================== Find3M ====================
.
2012-02-26 05:23:15 138784 ---ha-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-26 05:23:06 202008 ---ha-w- c:\windows\system32\PnkBstrB.exe
2012-02-22 05:43:15 234576 ---ha-w- c:\windows\system32\PnkBstrB.xtr
2012-01-29 11:10:42 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-01 10:18:46 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-02-16 16:06:16 218112 ---ha-w- c:\program files\HijackThis.exe
.
============= FINISH: 20:18:51.09 ===============

 

[signofzeta]

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/09/2006 10:48:19 AM
System Uptime: 27/02/2012 7:56:41 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/199mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 9.255 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.428 GiB free.
E: is CDROM ()
L: is Removable
M: is Removable
N: is Removable
O: is Removable
Q: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP541: 30/11/2011 2:56:44 AM - System Checkpoint
RP542: 01/12/2011 3:56:43 AM - System Checkpoint
RP543: 02/12/2011 4:30:01 AM - Software Distribution Service 3.0
RP544: 03/12/2011 4:56:49 AM - System Checkpoint
RP545: 04/12/2011 5:56:44 AM - System Checkpoint
RP546: 05/12/2011 6:56:43 AM - System Checkpoint
RP547: 06/12/2011 1:56:53 AM - Software Distribution Service 3.0
RP548: 07/12/2011 2:23:13 AM - System Checkpoint
RP549: 08/12/2011 1:56:50 AM - Software Distribution Service 3.0
RP550: 09/12/2011 1:57:02 AM - Software Distribution Service 3.0
RP551: 10/12/2011 2:56:46 AM - System Checkpoint
RP552: 11/12/2011 3:56:45 AM - System Checkpoint
RP553: 12/12/2011 4:56:45 AM - System Checkpoint
RP554: 13/12/2011 1:01:51 AM - Installed Skeleton Key
RP555: 13/12/2011 2:00:47 AM - Software Distribution Service 3.0
RP556: 14/12/2011 2:08:13 AM - System Checkpoint
RP557: 14/12/2011 3:00:16 AM - Software Distribution Service 3.0
RP558: 15/12/2011 3:27:51 AM - System Checkpoint
RP559: 16/12/2011 1:34:45 AM - Software Distribution Service 3.0
RP560: 17/12/2011 2:29:55 AM - System Checkpoint
RP561: 18/12/2011 3:25:49 AM - System Checkpoint
RP562: 19/12/2011 3:28:56 AM - System Checkpoint
RP563: 20/12/2011 1:34:50 AM - Software Distribution Service 3.0
RP564: 21/12/2011 2:26:16 AM - System Checkpoint
RP565: 22/12/2011 3:26:19 AM - System Checkpoint
RP566: 23/12/2011 1:34:56 AM - Software Distribution Service 3.0
RP567: 24/12/2011 2:26:36 AM - System Checkpoint
RP568: 25/12/2011 3:10:30 AM - System Checkpoint
RP569: 26/12/2011 3:27:42 AM - System Checkpoint
RP570: 27/12/2011 1:34:47 AM - Software Distribution Service 3.0
RP571: 01/01/2012 12:41:05 AM - Software Distribution Service 3.0
RP572: 02/01/2012 1:33:05 AM - System Checkpoint
RP573: 03/01/2012 1:34:50 AM - Software Distribution Service 3.0
RP574: 04/01/2012 1:50:55 AM - System Checkpoint
RP575: 05/01/2012 2:33:05 AM - System Checkpoint
RP576: 06/01/2012 12:43:01 AM - Software Distribution Service 3.0
RP577: 07/01/2012 1:58:24 AM - System Checkpoint
RP578: 08/01/2012 2:16:31 AM - System Checkpoint
RP579: 09/01/2012 2:18:44 AM - System Checkpoint
RP580: 10/01/2012 1:31:58 AM - Software Distribution Service 3.0
RP581: 11/01/2012 2:18:06 AM - System Checkpoint
RP582: 11/01/2012 3:00:17 AM - Software Distribution Service 3.0
RP583: 12/01/2012 3:27:51 AM - System Checkpoint
RP584: 13/01/2012 2:28:16 AM - Software Distribution Service 3.0
RP585: 14/01/2012 3:26:13 AM - System Checkpoint
RP586: 15/01/2012 3:28:43 AM - System Checkpoint
RP587: 16/01/2012 4:28:28 AM - System Checkpoint
RP588: 17/01/2012 12:29:15 AM - Software Distribution Service 3.0
RP589: 18/01/2012 2:23:45 AM - System Checkpoint
RP590: 19/01/2012 2:27:29 AM - System Checkpoint
RP591: 20/01/2012 2:27:56 AM - Software Distribution Service 3.0
RP592: 21/01/2012 3:27:50 AM - System Checkpoint
RP593: 22/01/2012 3:28:23 AM - System Checkpoint
RP594: 23/01/2012 4:27:55 AM - System Checkpoint
RP595: 24/01/2012 2:27:47 AM - Software Distribution Service 3.0
RP596: 25/01/2012 2:50:53 AM - System Checkpoint
RP597: 26/01/2012 3:27:56 AM - System Checkpoint
RP598: 27/01/2012 2:27:47 AM - Software Distribution Service 3.0
RP599: 28/01/2012 2:27:57 AM - System Checkpoint
RP600: 29/01/2012 3:27:57 AM - System Checkpoint
RP601: 30/01/2012 4:27:57 AM - System Checkpoint
RP602: 31/01/2012 2:27:47 AM - Software Distribution Service 3.0
RP603: 01/02/2012 2:28:03 AM - System Checkpoint
RP604: 02/02/2012 3:27:58 AM - System Checkpoint
RP605: 03/02/2012 2:27:47 AM - Software Distribution Service 3.0
RP606: 04/02/2012 2:28:00 AM - System Checkpoint
RP607: 05/02/2012 3:27:59 AM - System Checkpoint
RP608: 06/02/2012 4:28:00 AM - System Checkpoint
RP609: 07/02/2012 2:27:50 AM - Software Distribution Service 3.0
RP610: 07/02/2012 3:00:18 AM - Software Distribution Service 3.0
RP611: 08/02/2012 2:27:54 AM - Software Distribution Service 3.0
RP612: 09/02/2012 2:28:05 AM - System Checkpoint
RP613: 10/02/2012 2:27:46 AM - Software Distribution Service 3.0
RP614: 11/02/2012 2:28:03 AM - System Checkpoint
RP615: 12/02/2012 3:28:06 AM - System Checkpoint
RP616: 13/02/2012 4:28:06 AM - System Checkpoint
RP617: 14/02/2012 2:27:55 AM - Software Distribution Service 3.0
RP618: 15/02/2012 2:28:04 AM - System Checkpoint
RP619: 15/02/2012 3:00:18 AM - Software Distribution Service 3.0
RP620: 16/02/2012 3:00:21 AM - Software Distribution Service 3.0
RP621: 17/02/2012 2:27:44 AM - Software Distribution Service 3.0
RP622: 18/02/2012 2:28:20 AM - System Checkpoint
RP623: 19/02/2012 2:58:05 AM - System Checkpoint
RP624: 20/02/2012 3:28:04 AM - System Checkpoint
RP625: 21/02/2012 12:35:23 AM - Software Distribution Service 3.0
RP626: 22/02/2012 5:58:01 AM - System Checkpoint
RP627: 23/02/2012 6:28:08 AM - System Checkpoint
RP628: 24/02/2012 2:28:34 AM - Software Distribution Service 3.0
RP629: 25/02/2012 5:13:13 AM - System Checkpoint
RP630: 26/02/2012 5:28:04 AM - System Checkpoint
RP631: 27/02/2012 5:49:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
A Simple Unit Converter 0.9.9.0
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.4
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player 11
Advanced Batch Converter
AGEIA PhysX v7.05.17
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Baldur's Gate & Tales of the Sword Coast
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Battle.net
Battlefield 1942
Battlefield Heroes
Battlefield Vietnam(TM)
Bejeweled 2 Deluxe
Big Kahuna Reef
BitComet 1.10
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bonjour
Bookworm Deluxe
Bounce Symphony
BufferChm
CameraDrivers
CameraUserGuides
Canon MP Navigator 2.0
Canon MP170
Canon Utilities Easy-PhotoPrint
CCScore
CDBurnerXP
Chuzzle Deluxe
Citrix XenApp Web Plugin
Commando
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash
Dissolution of Eternity
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
Doom 3
DOOM 3 Demo
DOOM 3: Resurrection of Evil
Doom Builder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
Easy Internet Sign-up
EAX(tm) Unified (SHELL)
Enemy Territory - Quake Wars(TM)
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
Enemy Territory - QUAKE Wars(TM) 1.1 Patch
Enemy Territory - QUAKE Wars(TM) Beta 1.1 Patch
Enemy Territory - QUAKE Wars(TM) Beta 2 1.1 Patch
Enemy Territory - QUAKE Wars(TM) SDK 1.4
Enhanced Multimedia Keyboard Solution
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Everest Poker (Remove Only)
Fairies
Fallout
Fallout 2 Unofficial Patch 1.02.25
Fallout2
Family Feud
FATE
Fax
Fax_CDA
FINAL FANTASY VIII
Flip Words
FO2 Expansion Pack 1.2
FreeRIP v3.091
Full Tilt Poker
GemMaster Mystic
GtkRadiant-1.3.8-ET
Hexen II
Hexen II Mission Pack
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HyperCam 2
Icewind Dale
Icewind Dale - Heart of Winter
Icewind Dale II
Insaniquarium Deluxe
InstantShareDevices
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 13
Jewel Quest
JMP Student Edition
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LAME v3.98.2 for Audacity
LightScribe 1.4.84.1
linksadoor 1.29
Magic Set Editor 2 - 0.3.8 beta
Mah Jong Quest
Malwarebytes Anti-Malware version 1.60.1.1000
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft Office 2000 Professional
Microsoft Platform SDK (3790.1830)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Morrowind
Mozilla Firefox (3.6.27)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Mystery Case Files
netbrdg
NewCopy
NewCopy_CDA
Notifier
NVIDIA Drivers
OfotoXMI
Omni-Bot 0.72 STABLE
OmniPage SE 2.0
OpenOffice.org 3.1
OptionalContentQFolder
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PCDADDIN
PCDHELP
PhotoGallery
Physics Quizzes
Planescape - Torment
Poker Superstars
Polar Bowler
Polar Golfer
PowerISO
Project64 1.6
PSPrinters08
PSTAPlugin
PunkBuster Services
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Qtracker
Quake III Team Arena
Quake 4(TM)
Quake II
Quake II MP: Ground Zero
Quake II MP: The Reckoning
Quake III Arena
Quake III Arena Point Release 1.32
Quake Live Mozilla Plugin
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Return to Castle Wolfenstein - Game of The Year Edition
Return to Castle Wolfenstein DEMO
Ricochet Lost Worlds
Scan
ScannerCopy
Scourge of Armagon
SCRABBLE
SecureW2 Client 3.1.2
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
SFR
SHASTA
ShowInfo
Skeleton Key
SKIN0001
SkinsHP1
SKINXSDK
Skulltag
Skype™ 3.8
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SopCast 3.0.3
Spear of Destiny
Starcraft
staticcr
Status
Steam
Super Granny
SUPERAntiSpyware Free Edition
Tennis Titans
TextPad 4.7
Toolbox
tooltips
Tornado Jockey
Tradewinds
TrayApp
TVUPlayer 2.2.1.30 Beta
Unload
Unlocker 1.8.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VDMSound
VDMSound 2.0.4
VideoLAN VLC media player 0.8.6b
VPRINTOL
Warcraft II BNE
WebFldrs XP
WebReg
WildTangent Web Driver
Winamp (remove only)
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
WIRELESS
Wolfenstein
Wolfenstein - Enemy Territory
Wolfenstein - Enemy Territory Map Test
Wolfenstein 3D
Wolfenstein(TM) 1.2 Patch
Wolfenstein(TM) 1.2 Patch
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
YDKJ The 5th Dementia
You Don't Know Jack - Sports 1.0
You Don't Know Jack - Volume 2 1.0
You Don't Know Jack - XL 1.0
You Don't Know Jack 4 1.00
You Don't Know Jack 6 - The Lost Gold
YOU DON'T KNOW JACK Movies
YOU DON'T KNOW JACK® 2
YOU DON'T KNOW JACK® 3 - Abwärts!
.
==== Event Viewer Messages From Past Week ========
.
27/02/2012 7:58:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 avgio avipbb Fips SASDIFSV SASKUTIL SCDEmu sptd ssmdrv
27/02/2012 7:52:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
27/02/2012 7:39:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/02/2012 7:38:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu sptd ssmdrv Tcpip
27/02/2012 7:38:51 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:38:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2012 7:37:55 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
27/02/2012 7:37:47 PM, error: SRService [104] - The System Restore initialization process failed.
24/02/2012 9:05:13 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
20/02/2012 1:06:47 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
.
==== End Of File ===========================

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[signofzeta]

Oh another thing, can a virus spread into a thumbdrive, because I sort of ran the 3 programs from the thumbdrive into my infected desktop, then attached the thumbdrive onto my laptop so I can copy and paste the results here.

So far no symptoms have happened yet on my laptop, other than the "can't start security center" problem.

 

[Broni]

Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

 

[signofzeta]

I currently have MBR.dat on a thumbdrive, and I assume it needs to be on the infected computer itself. I removed the thumbdrive, and the computer restarted itself, which kind of shows that that file needs to be in the hard drive of the infected computer.

I managed to make a copy of it and put it on the desktop, but I don't know if it is going to make my machine reboot. I'm removing thumb drive now.

Ok, computer restarted, but I had no choice, since I ran aswMBR through the thumb drive.

 

[Broni]

I don't need MBR.dat for now. I need aswMBR scan log.

 

[signofzeta]

aswMBR

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 20:47:26
-----------------------------
20:47:26.984 OS Version: Windows 5.1.2600 Service Pack 2
20:47:26.984 Number of processors: 2 586 0x4B02
20:47:26.984 ComputerName: HP-DOWNSTAIRS UserName: Albert
20:47:27.687 Initialize success
20:48:54.968 AVAST engine defs: 12022701
20:50:15.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
20:50:15.546 Disk 0 Vendor: WDC_WD3200JS-60PDB0 21.00M21 Size: 305245MB BusType: 3
20:50:15.562 Disk 0 MBR read successfully
20:50:15.578 Disk 0 MBR scan
20:50:15.593 Disk 0 unknown MBR code
20:50:15.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296220 MB offset 63
20:50:15.640 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9014 MB offset 606674880
20:50:15.656 Disk 0 scanning sectors +625136400
20:50:15.734 Disk 0 scanning C:\WINDOWS\system32\drivers
20:50:24.078 Service scanning
20:50:43.562 Modules scanning
20:50:49.562 Disk 0 trace - called modules:
20:50:49.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:50:49.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a693ab8]
20:50:49.781 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> \Device\0000007f[0x8a70e708]
20:50:49.953 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a5ebd98]
20:50:50.718 AVAST engine scan C:\WINDOWS
20:51:11.359 AVAST engine scan C:\WINDOWS\system32
20:54:34.093 AVAST engine scan C:\WINDOWS\system32\drivers
20:54:50.046 AVAST engine scan C:\Documents and Settings\Albert
20:56:27.531 File: C:\Documents and Settings\Albert\Local Settings\temp\mor.exe **INFECTED** Win32:Spyware-gen [Spy]
21:00:34.671 AVAST engine scan C:\Documents and Settings\All Users
21:00:48.718 File: C:\Documents and Settings\All Users\Application Data\fmmJS5ZgPi2Fmg.exe **INFECTED** Win32:FakeAlert-CCD [Trj]
21:01:33.109 File: C:\Documents and Settings\All Users\Application Data\niEJngRwieOhYh.exe **INFECTED** Win32:FakeAlert-CCD [Trj]
21:02:56.078 Scan finished successfully
21:11:52.609 Disk 0 MBR has been saved successfully to "Q:\anitvirus stuff\MBR.dat"
21:11:52.640 The log file has been saved successfully to "Q:\anitvirus stuff\aswMBR.txt"

 

[Broni]

Good.
Go on....

 

[signofzeta]

bootkit

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 53b87386f68c4cb2306da5ba771dbe8b

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[signofzeta]

Combofix

ComboFix 12-02-27.02 - Albert 27/02/2012 22:01:22.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1611 [GMT -6:00]
Running from: c:\documents and settings\Albert\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {88DB51A4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {89C4852C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000202-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {877B7DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88210DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88C664EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {88CC793C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8910D054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891149CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8913656C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891A57DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {891C7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {892EA054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8934662C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89371DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89374DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {893BADDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89706724-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897917C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897947C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8979B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8979E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897AC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897B07C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897B87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897BC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C27C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C37C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897C77C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897CE7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D47C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D67C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897D97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897DA7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897DB7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897E07C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897E17C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {897F97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898047C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898057C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898087C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8980A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8980B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898107C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898127C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898147C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898157C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898187C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8981C7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898217C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898287C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8982B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898307C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898347C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898357C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898367C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898397C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898467C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898477C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898547C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898567C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8985B7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8985F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898627C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898637C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898677C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898697C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8986D7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898727C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898767C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898787C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8987E7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898807C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898867C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8988E7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898917C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898927C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898987C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8989F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A17C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A57C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898A97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898AC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898AF7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898B57C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898BE7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898CC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898CF7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898DC7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898DE7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898EA7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898ED7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898F47C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898F97C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {898FF7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8990C7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899137C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899187C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8992A7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8993F7C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899457C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8994E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899587C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8996E7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899717C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899727C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899757C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899787C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899877C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899897C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8998D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899A67C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B37C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B77C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B87C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899B97C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899E07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {899EE790-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A0D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A117C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A257C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2B7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A2F7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A307C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A337C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A357C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A427C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A457C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A4F7C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A547C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A567C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A597C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A5F6EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A6D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A767C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A777C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A7D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A8C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A917C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A957C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9A7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89A9C7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AA57C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AAD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AB27C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ABF7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC17C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC67C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AC77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD37C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AD77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ADE7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE77C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AE87C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF07C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89AF47C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B037C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B047C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B097C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B0D7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B107C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B1A7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B2B7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B367C4-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B697C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89B927C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BB57C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89BBD7C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89C71DA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D11994-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89D75344-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DDBC14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE3344-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE8514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89DE9C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E11984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E149E4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E1A96C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E2FBD4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E3B30C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E4BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E546DC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E6A6CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E72DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89E922EC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EA4314-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89ED754C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89EEE7AC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F2B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F48324-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F57DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F6241C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F74DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F7EC6C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F86C0C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89F9B054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBB614-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FBF8FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {89FFD684-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A00E5FC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A023604-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A05635C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A078344-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A09C054-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A0C8514-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1027C4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A1074CC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A19C654-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A345DDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A529054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8A52B91C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BAB38540-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {FFDFF540-FFA4-00DE-0D24-347CA8A3377C}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Albert\Desktop\System Check.lnk
c:\documents and settings\Albert\Start Menu\Programs\System Check
c:\documents and settings\Albert\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Albert\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Albert\WINDOWS
c:\documents and settings\All Users\Application Data\~fmmJS5ZgPi2Fmg
c:\documents and settings\All Users\Application Data\~fmmJS5ZgPi2Fmgr
c:\documents and settings\All Users\Application Data\fmmJS5ZgPi2Fmg
c:\documents and settings\All Users\Application Data\fmmJS5ZgPi2Fmg.exe
c:\documents and settings\All Users\Application Data\niEJngRwieOhYh.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Annie\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\MCX1\WINDOWS
c:\windows\EventSystem.log
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\GTGina.dll
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 01:55 . 2012-02-28 01:55 -------- d-----w- c:\documents and settings\Albert\Application Data\Malwarebytes
2012-02-24 08:28 . 2012-02-08 06:03 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1D385171-7538-48AD-86AA-FA72DAC24688}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 05:23 . 2009-07-20 05:22 138784 ---ha-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-26 05:23 . 2007-04-18 04:38 202008 ---ha-w- c:\windows\system32\PnkBstrB.exe
2012-02-22 05:43 . 2009-06-24 17:31 234576 ---ha-w- c:\windows\system32\PnkBstrB.xtr
2012-02-08 06:03 . 2008-11-16 23:26 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-29 11:10 . 2009-10-02 19:41 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-01 10:18 . 2012-01-01 10:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2010-06-11 04:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-02-16 16:06 . 2006-10-29 02:53 218112 ---ha-w- c:\program files\HijackThis.exe
2008-08-16 22:42 . 2008-08-16 22:42 13112 ---ha-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ---ha-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ---ha-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ---ha-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ---ha-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ---ha-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ---ha-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ---ha-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ---ha-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ---ha-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ---ha-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ---ha-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-16 49152]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-31 180269]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
.
c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-31 27136]
.
c:\documents and settings\Albert\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-31 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-18 21:41 352256 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\QUAKE\\WINQUAKE.EXE"=
"c:\\QUAKE\\GLQUAKE.EXE"=
"c:\\Program Files\\Wolfenstein - Enemy Territory original no patch\\ET.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory Map Test\\ET.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Hexen II\\h2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ettv.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Qtracker\\qtracker.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Black Isle\\Baldur's Gate\\BGMain2.exe"=
"c:\\Program Files\\BitComet1.10\\BitComet.exe"=
"c:\\Hexen II\\H2mp.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\DOSBox-0.73\\dosbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\wolfenstein 3d\\Wolf3d.bat"=
"c:\\Hexen II\\GLH2.EXE"=
"c:\\Program Files\\Black Isle\\Icewind Dale\\IDMain.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\doom 3 demo\\Doom3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Quake2\\quake2.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\id Software\\Quake 4\\Quake4.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\doomseeker.exe"=
"c:\\Program Files\\Skulltag\\rcon_utility.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14261:TCP"= 14261:TCP:BitComet 14261 TCP
"14261:UDP"= 14261:UDP:BitComet 14261 UDP
"8633:TCP"= 8633:TCP:BitComet 8633 TCP
"8633:UDP"= 8633:UDP:BitComet 8633 UDP
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
.
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/10/2006 6:43 PM 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/11/2008 3:11 PM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/11/2008 3:11 PM 55024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/11/2009 1:43 PM 136360]
S2 MOUTRAP;MOUTRAP;c:\windows\system32\drivers\Moutrp2k.sys [14/11/2001 12:44 PM 4868]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [19/11/2006 1:28 AM 16512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/11/2008 3:11 PM 7408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-02-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=4105
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet1.10\BitComet.exe/AddAllLink.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\mcoaaum2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-niEJngRwieOhYh.exe - c:\documents and settings\All Users\Application Data\niEJngRwieOhYh.exe
AddRemove-FINAL FANTASY VIII - c:\program files\Eidos Interactive\Square Soft
AddRemove-linksadoor_is1 - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\ktxq0dty.default\extensions\unins000.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - q:\anitvirus stuff\Malwarebytes' Anti-Malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 22:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(608)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2012-02-27 22:26:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 04:26
.
Pre-Run: 9,794,449,408 bytes free
Post-Run: 14,895,443,968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2910284B05F9C151E55C9F43970014A0

 

[Broni]

Looks pretty good.

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Then we have one system file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  

  :filefind
  intelppm.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[signofzeta]

unhide

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 02/28/2012 12:15:14 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 231863 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 17305 files processed.

The C:\DOCUME~1\Albert\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* HideIcons policy was found and deleted!

Program finished at: 02/28/2012 12:24:25 AM
Execution time: 0 hours(s), 9 minute(s), and 11 seconds(s)

 

[signofzeta]

systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 00:26 on 28/02/2012 by Albert
Administrator - Elevation successful

========== filefind ==========

Searching for "intelppm.sys"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\intelppm.sys --a---- 36352 bytes [20:31 12/09/2008] [18:31 13/04/2008] 8C953733D8F36EB2133F5BB58808B66B

-= EOF =-