Solved Fake antivirus "System" removal

Status
Not open for further replies.

swisstonyholmes

Posts: 98   +0
Hi to anybody who can help,

I'm in the process of trying to remove a fake antivirus program called "System...(something I can't remember the rest)" and have gone so far but I'm still getting pop ups and believe the system isn't running as it should.

I have run Malwarebytes and AVG scans which has removed most of the initial program but not all of it.

Any help is appreciated I have attached all of the required log files below.

Thanks in advance,

Tony.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5940

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

03/03/2011 10:22:52
mbam-log-2011-03-03 (10-22-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 268054
Time elapsed: 41 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44A1-9F4543D34546} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hFpBaPb06308 (Trojan.FakeAlert) -> Value: hFpBaPb06308 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9A5096F9-426F-6C6D-04B3-20F62EF2AC66} (Trojan.ZbotR.Gen) -> Value: {9A5096F9-426F-6C6D-04B3-20F62EF2AC66} -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\compaq_owner\application data\adwarealert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\hfpbapb06308\hfpbapb06308.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\Sun\Java\deployment\cache\6.0\62\6261e87e-2c6cb849 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\adwarealert scheduled scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\Axbea\opxa.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 27 - 12_32_11 pm_750.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 27 - 12_32_16 pm_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 27 - 12_34_32 pm_375.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 27 - 12_35_05 pm_531.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 27 - 12_46_58 pm_796.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Log\2007 dec 28 - 10_36_26 am_343.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\adwarealert\Settings\scanresults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6013

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/03/2011 22:38:02
mbam-log-2011-03-10 (22-38-02).txt

Scan type: Quick scan
Objects scanned: 161701
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-10 22:40:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 HDS728080PLAT20 rev.PF2OA28A
Running: bfkc4zf2.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfrcykod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 862C357B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-16 862C357B
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHDS728080PLAT20_________________________PF2OA28A#5&28b4ae51&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 22:41:46.46 on 10/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.292 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.talktalk.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.co.uk/broadband
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [EPSON Stylus Photo RX620 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P40 "EPSON Stylus Photo RX620 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX620"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [EPSON Stylus Photo RX620 Series (Copy 2)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P40 "EPSON Stylus Photo RX620 Series (Copy 2)" /O5 "LPT1:" /M "Stylus Photo RX620"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [EPSON Stylus Photo RX620 Series (Copy 3)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P40 "EPSON Stylus Photo RX620 Series (Copy 3)" /O5 "LPT1:" /M "Stylus Photo RX620"
mRun: [EPSON Stylus Photo RX620 Series (Copy 4)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE /P40 "EPSON Stylus Photo RX620 Series (Copy 4)" /O5 "LPT1:" /M "Stylus Photo RX620"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: p0rt2.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BE252E96-B805-4932-A296-184E9F30893B} = 194.72.9.34,194.72.0.98
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-19 517448]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
.
=============== Created Last 30 ================
.
2011-03-03 19:15:40 -------- d-----w- c:\program files\ESET
2011-03-03 12:50:29 -------- d-----w- c:\program files\Panda Security
2011-03-03 09:51:17 -------- d-----w- c:\docume~1\compaq~1\applic~1\Qyex
2011-03-03 09:51:17 -------- d-----w- c:\docume~1\compaq~1\applic~1\Axbea
2011-03-03 09:39:26 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2011-03-03 09:39:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 09:39:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-03 09:39:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 09:39:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 08:42:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-03 08:42:53 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-03 08:42:46 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-03 08:42:46 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-03 08:42:34 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-03 08:42:34 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-27 11:13:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\hFpBaPb06308
.
==================== Find3M ====================
.
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA28A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862C3735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x862c9990]; MOV EAX, [0x862c9a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86338AB8]
3 CLASSPNP[0xF7670FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000066[0x86383F18]
5 ACPI[0xF7507620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86382940]
\Driver\atapi[0x86306290] -> IRP_MJ_CREATE -> 0x862C3735
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHDS728080PLAT20_________________________PF2OA28A#5&28b4ae51&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x862C357B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:43:34.86 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22/09/2006 12:11:12
System Uptime: 10/03/2011 22:09:03 (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 55.53 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.173 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP703: 03/03/2011 13:10:02 - System Checkpoint
RP704: 09/03/2011 19:37:58 - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
BufferChm
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
Enhanced Multimedia Keyboard Solution
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESET Online Scanner v3
ESPRX620 Series Reference Guide
ESPRX620 Software Guide
FinePixViewer Resource
FinePixViewer Ver.5.2
FUJIFILM USB Driver
FullDPAppQFolder
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Update
HPPhotoSmartExpress
HpSdpAppCoreApp
ImageMixer VCD2 LE for FinePix
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Explorapedia - The World of Nature 1.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org Installer 1.0
OptionalContentQFolder
Panda ActiveScan 2.0
PC-Doctor 5 for Windows
PhotoGallery
PhotoImpression 5
PIF DESIGNER2.1
PowerCinema
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RAW FILE CONVERTER LE
Realtek High Definition Audio Driver
Runtime 8.0 Libraries
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
ScanToWeb
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Skype Toolbars
Skype™ 5.0
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Trust WB-1400T Webcam
Unload
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/03/2011 22:40:12, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
03/03/2011 12:40:35, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 855bfda0, parameter3 855bff14, parameter4 805c8d78.
03/03/2011 10:26:48, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
03/03/2011 10:25:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde
03/03/2011 10:23:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/03/2011 09:39:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 Fips ftsata2 StarOpen
03/03/2011 09:16:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
03/03/2011 09:16:45, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/03/2011 09:16:16, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
03/03/2011 09:16:16, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/03/2011 09:15:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
03/03/2011 09:15:46, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/03/2011 09:15:45, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7034] - The CyberLink Task Scheduler (CTS) service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7034] - The CyberLink Media Library Service service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7034] - The CyberLink Background Capture Service (CBCS) service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 09:15:45, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/03/2011 09:15:45, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/03/2011 09:15:45, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/03/2011 09:15:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
03/03/2011 09:15:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
03/03/2011 09:15:45, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/03/2011 09:15:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
03/03/2011 09:15:42, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/03/2011 09:13:34, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
03/03/2011 08:44:34, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/03/2011 08:43:33, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/03/2011 08:42:01, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2751'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
03/03/2011 08:41:43, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

You're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni,

Thanks for your help I have done as requested.


2011/03/11 14:30:41.0515 0516 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/11 14:30:41.0875 0516 ================================================================================
2011/03/11 14:30:41.0875 0516 SystemInfo:
2011/03/11 14:30:41.0875 0516
2011/03/11 14:30:41.0875 0516 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/11 14:30:41.0875 0516 Product type: Workstation
2011/03/11 14:30:41.0875 0516 ComputerName: YOUR-C94F920E24
2011/03/11 14:30:41.0875 0516 UserName: Compaq_Owner
2011/03/11 14:30:41.0875 0516 Windows directory: C:\WINDOWS
2011/03/11 14:30:41.0875 0516 System windows directory: C:\WINDOWS
2011/03/11 14:30:41.0875 0516 Processor architecture: Intel x86
2011/03/11 14:30:41.0875 0516 Number of processors: 1
2011/03/11 14:30:41.0875 0516 Page size: 0x1000
2011/03/11 14:30:41.0875 0516 Boot type: Normal boot
2011/03/11 14:30:41.0875 0516 ================================================================================
2011/03/11 14:30:42.0343 0516 Initialize success
2011/03/11 14:30:52.0562 2476 ================================================================================
2011/03/11 14:30:52.0562 2476 Scan started
2011/03/11 14:30:52.0562 2476 Mode: Manual;
2011/03/11 14:30:52.0562 2476 ================================================================================
2011/03/11 14:31:02.0453 2476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/11 14:31:02.0625 2476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/11 14:31:02.0984 2476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/11 14:31:03.0187 2476 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/11 14:31:03.0875 2476 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2011/03/11 14:31:04.0609 2476 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2011/03/11 14:31:06.0015 2476 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/03/11 14:31:07.0000 2476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/11 14:31:08.0640 2476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/11 14:31:09.0140 2476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/11 14:31:10.0000 2476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/11 14:31:10.0421 2476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/11 14:31:10.0921 2476 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/11 14:31:11.0140 2476 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/11 14:31:11.0343 2476 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/11 14:31:11.0531 2476 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/11 14:31:11.0765 2476 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/11 14:31:12.0171 2476 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/11 14:31:12.0562 2476 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/11 14:31:13.0000 2476 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/11 14:31:13.0328 2476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/11 14:31:13.0640 2476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/11 14:31:13.0968 2476 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/11 14:31:14.0671 2476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/11 14:31:15.0000 2476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/11 14:31:15.0609 2476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/11 14:31:17.0640 2476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/11 14:31:18.0171 2476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/11 14:31:18.0671 2476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/11 14:31:19.0328 2476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/11 14:31:19.0781 2476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/11 14:31:20.0578 2476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/11 14:31:21.0140 2476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/11 14:31:21.0781 2476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/11 14:31:22.0156 2476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/11 14:31:22.0671 2476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/11 14:31:23.0125 2476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/11 14:31:23.0640 2476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/11 14:31:24.0203 2476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/11 14:31:25.0062 2476 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/11 14:31:25.0750 2476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/11 14:31:26.0875 2476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/11 14:31:27.0984 2476 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/11 14:31:29.0937 2476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/11 14:31:31.0875 2476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/11 14:31:32.0484 2476 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/11 14:31:34.0296 2476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/11 14:31:37.0875 2476 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/11 14:31:42.0578 2476 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/11 14:31:43.0453 2476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/11 14:31:44.0156 2476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/11 14:31:44.0734 2476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/11 14:31:45.0671 2476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/11 14:31:46.0593 2476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/11 14:31:47.0578 2476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/11 14:31:48.0343 2476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/11 14:31:48.0953 2476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/11 14:31:49.0359 2476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/11 14:31:49.0781 2476 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/11 14:31:50.0265 2476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/11 14:31:51.0015 2476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/11 14:31:51.0718 2476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/11 14:31:52.0046 2476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/11 14:31:52.0281 2476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/11 14:31:52.0515 2476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/11 14:31:53.0031 2476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/11 14:31:56.0609 2476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/11 14:31:57.0953 2476 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/11 14:31:59.0390 2476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/11 14:32:00.0953 2476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/11 14:32:04.0453 2476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/11 14:32:05.0640 2476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/11 14:32:07.0578 2476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/11 14:32:09.0187 2476 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/11 14:32:10.0375 2476 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/11 14:32:11.0625 2476 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/11 14:32:12.0718 2476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/11 14:32:14.0140 2476 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/11 14:32:14.0953 2476 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/11 14:32:15.0656 2476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/11 14:32:16.0484 2476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/11 14:32:17.0078 2476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/11 14:32:17.0828 2476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/11 14:32:18.0546 2476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/11 14:32:19.0000 2476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/11 14:32:19.0593 2476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/11 14:32:20.0234 2476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/11 14:32:21.0078 2476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/11 14:32:23.0343 2476 nv (ce58f42b11be20a47c3d8d2f38da254e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/11 14:32:27.0140 2476 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/03/11 14:32:27.0906 2476 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/03/11 14:32:28.0500 2476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/11 14:32:29.0156 2476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/11 14:32:30.0250 2476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/11 14:32:31.0812 2476 PAC207 (54183d1ec4a8658bbacb31acd0c8f6df) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
2011/03/11 14:32:32.0687 2476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/11 14:32:33.0328 2476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/11 14:32:33.0921 2476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/11 14:32:34.0546 2476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/11 14:32:35.0125 2476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/11 14:32:35.0593 2476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/11 14:32:40.0375 2476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/11 14:32:41.0156 2476 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/11 14:32:41.0859 2476 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/03/11 14:32:43.0703 2476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/11 14:32:44.0609 2476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/11 14:32:45.0187 2476 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/11 14:32:48.0812 2476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/11 14:32:50.0031 2476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/11 14:32:51.0109 2476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/11 14:32:52.0078 2476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/11 14:33:02.0078 2476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/11 14:33:03.0875 2476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/11 14:33:04.0671 2476 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/11 14:33:05.0656 2476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/11 14:33:06.0609 2476 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/03/11 14:33:08.0078 2476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/11 14:33:10.0546 2476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/11 14:33:11.0765 2476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/11 14:33:13.0937 2476 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/11 14:33:14.0921 2476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/11 14:33:15.0406 2476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/11 14:33:16.0281 2476 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/11 14:33:16.0687 2476 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/03/11 14:33:17.0125 2476 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/03/11 14:33:17.0750 2476 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/03/11 14:33:18.0265 2476 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/03/11 14:33:18.0843 2476 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/11 14:33:19.0187 2476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/11 14:33:19.0562 2476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/11 14:33:21.0000 2476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/11 14:33:21.0484 2476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/11 14:33:21.0890 2476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/11 14:33:22.0796 2476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/11 14:33:23.0203 2476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/11 14:33:24.0265 2476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/11 14:33:25.0234 2476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/11 14:33:25.0843 2476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/11 14:33:26.0312 2476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/11 14:33:26.0718 2476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/11 14:33:27.0250 2476 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/11 14:33:27.0687 2476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/11 14:33:28.0031 2476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/11 14:33:28.0421 2476 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/11 14:33:28.0875 2476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/11 14:33:29.0359 2476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/11 14:33:29.0703 2476 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/11 14:33:30.0328 2476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/11 14:33:30.0843 2476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/11 14:33:32.0312 2476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/11 14:33:33.0234 2476 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/11 14:33:33.0968 2476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/11 14:33:34.0218 2476 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/11 14:33:34.0234 2476 ================================================================================
2011/03/11 14:33:34.0234 2476 Scan finished
2011/03/11 14:33:34.0234 2476 ================================================================================
2011/03/11 14:33:34.0250 1628 Detected object count: 1
2011/03/11 14:33:57.0562 1628 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/11 14:33:57.0625 1628 \HardDisk0 - ok
2011/03/11 14:33:57.0625 1628 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/11 14:34:06.0031 3984 Deinitialize success
 
Good :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni,

I have completed the requested fixes reports are attached, please note that AVG has been removed but not re-installed.

Thanks.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7B30000 \WINDOWS\system32\KDCOM.DLL
0xF7A40000 \WINDOWS\system32\BOOTVID.dll
0xF7501000 ACPI.sys
0xF7B32000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74F0000 pci.sys
0xF7630000 isapnp.sys
0xF7BF8000 pciide.sys
0xF78B0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B34000 viaide.sys
0xF7B36000 intelide.sys
0xF7640000 MountMgr.sys
0xF74D1000 ftdisk.sys
0xF78B8000 PartMgr.sys
0xF7650000 VolSnap.sys
0xF73FC000 iaStor.sys
0xF73E4000 atapi.sys
0xF7660000 disk.sys
0xF7670000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73C4000 fltmgr.sys
0xF73B2000 sr.sys
0xF7680000 PxHelp20.sys
0xF739B000 KSecDD.sys
0xF730E000 Ntfs.sys
0xF72E1000 NDIS.sys
0xF7690000 ohci1394.sys
0xF76A0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF72C7000 Mup.sys
0xF78C0000 avgrkx86.sys
0xF76B0000 AVGIDSEH.Sys
0xF77B0000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7780000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF69D3000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF69BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7A00000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF699B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A08000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7790000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77A0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6978000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A10000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6950000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7AEC000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF6905000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF68CE000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF7C3D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF68B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77F0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7A18000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF68A6000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7800000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A20000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A28000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7820000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A30000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A38000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B70000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6848000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7830000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF7840000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7850000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B7E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3E3E000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3E1A000 \SystemRoot\system32\drivers\portcls.sys
0xF7860000 \SystemRoot\system32\drivers\drmk.sys
0xF7870000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7ABC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7880000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7920000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7B84000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CF4000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B86000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7930000 \SystemRoot\System32\drivers\vga.sys
0xF7B88000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B8A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7940000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7948000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AC4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3D97000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3D3E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3CF6000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF3CCE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3CAC000 \SystemRoot\System32\drivers\afd.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7950000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xF3C81000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3C11000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6DC3000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3BEB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7958000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6DA3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6D93000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF3B0F000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF6834000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF682C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF3AC3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF3A33000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BEA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF3ABB000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7918000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D86000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB9CFC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9A53000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6D73000 \SystemRoot\system32\drivers\sysaudio.sys
0xB979B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB94D6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB95DB000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xB93A5000 \SystemRoot\System32\Drivers\HTTP.sys
0xB92D5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB96BB000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB9145000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB89C2000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
700 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
760 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
892 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
968 C:\WINDOWS\system32\services.exe
980 C:\WINDOWS\system32\lsass.exe
1132 C:\WINDOWS\system32\svchost.exe
1200 svchost.exe
1292 C:\WINDOWS\system32\svchost.exe
1348 svchost.exe
1492 svchost.exe
1728 C:\WINDOWS\system32\spoolsv.exe
1736 C:\WINDOWS\explorer.exe
204 C:\WINDOWS\RTHDCPL.EXE
260 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
300 C:\hp\KBD\kbd.exe
604 C:\WINDOWS\PixArt\PAC207\Monitor.exe
644 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
692 C:\Program Files\Java\jre6\bin\jusched.exe
852 C:\Program Files\AVG\AVG10\avgtray.exe
844 C:\WINDOWS\system32\ctfmon.exe
1240 C:\Program Files\Windows Media Player\wmpnscfg.exe
1392 C:\Program Files\FinePixViewer\QuickDCF2.exe
1680 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2024 svchost.exe
192 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144 C:\Program Files\AVG\AVG10\avgwdsvc.exe
268 C:\WINDOWS\system32\bgsvcgen.exe
248 C:\Program Files\Bonjour\mDNSResponder.exe
516 C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
580 C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
1996 C:\WINDOWS\system32\svchost.exe
1664 C:\Program Files\Java\jre6\bin\jqs.exe
1944 C:\WINDOWS\system32\nvsvc32.exe
2220 C:\WINDOWS\system32\svchost.exe
2388 C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
2492 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2540 C:\Program Files\AVG\AVG10\avgnsx.exe
2568 C:\Program Files\AVG\AVG10\avgemcx.exe
2584 C:\WINDOWS\system32\wuauclt.exe
2672 wmpnetwk.exe
1280 alg.exe
484 C:\WINDOWS\system32\wuauclt.exe
2624 <unknown>
2852 C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
2736 C:\Program Files\AVG\AVG10\avgmfapx.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`3a4ec000 (FAT32)

PhysicalDrive0 Model Number: HDS728080PLAT20, Rev: PF2OA28A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


ComboFix 11-03-11.02 - Compaq_Owner 12/03/2011 11:06:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.634 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))
.
.
2011-03-12 10:49 . 2009-06-30 10:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-03 19:15 . 2011-03-03 19:15 -------- d-----w- c:\program files\ESET
2011-03-03 12:50 . 2011-03-03 12:52 -------- d-----w- c:\program files\Panda Security
2011-03-03 10:05 . 2011-03-03 10:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-03 09:51 . 2011-03-03 10:22 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Axbea
2011-03-03 09:51 . 2011-03-03 10:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Qyex
2011-03-03 09:50 . 2011-03-03 09:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-03 09:39 . 2011-03-03 09:39 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2011-03-03 09:39 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 09:39 . 2011-03-03 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-03 09:39 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 09:39 . 2011-03-03 09:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 09:33 . 2011-03-03 09:33 -------- d-----w- c:\documents and settings\Administrator
2011-03-03 08:42 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-03 08:42 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-03 08:42 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-03 08:42 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-03 08:42 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-03 08:42 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-27 11:13 . 2011-03-03 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\hFpBaPb06308
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-19 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"EPSON Stylus Photo RX620 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"EPSON Stylus Photo RX620 Series (Copy 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"EPSON Stylus Photo RX620 Series (Copy 3)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"EPSON Stylus Photo RX620 Series (Copy 4)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2006-11-2 294912]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-24 27136]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Ryanair Bargains 1.0.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\Ryanair Bargains 1.0.lnk
backup=c:\windows\pss\Ryanair Bargains 1.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 17:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-02-24 18:46 147456 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-19 16:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/03/2011 10:49 28552]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 10:26 508288]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-12 c:\windows\Tasks\User_Feed_Synchronization-{7F96E3C4-052F-4733-A97C-8F467FB28FB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talktalk.co.uk/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.co.uk/broadband
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: p0rt2.com
TCP: {BE252E96-B805-4932-A296-184E9F30893B} = 194.72.9.34,194.72.0.98
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCDrProfiler - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe
MSConfigStartUp-STManager - c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-12 11:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-12 11:13:17
ComboFix-quarantined-files.txt 2011-03-12 11:13
.
Pre-Run: 59,952,365,568 bytes free
Post-Run: 60,045,729,792 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 29A74A8383BC957635D3282131EDB8A2
 
Looks good.

How is computer doing?

You can reinstall AVG at any time now.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni,

I will go ahead and install AVG 2011, the system seems quicker and I have noticed no more random popups during internet explorer sessions. The OTL ,scan only gave one log as shown below,

Thanks.

OTL logfile created on: 12/03/2011 19:42:37 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.90 Gb Total Space | 55.95 Gb Free Space | 81.20% Space Free | Partition Type: NTFS
Drive D: | 5.61 Gb Total Space | 0.17 Gb Free Space | 3.09% Space Free | Partition Type: FAT32

Computer Name: YOUR-C94F920E24 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 19:41:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2006/04/04 18:27:00 | 000,294,912 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006/02/15 14:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe


========== Modules (SafeList) ==========

MOD - [2011/03/12 19:41:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/16 10:12:29 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/05/14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/03/12 11:10:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..Trusted Domains: p0rt2.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 16:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 19:41:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/03/12 11:05:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/12 11:03:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/12 11:03:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/12 11:03:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/12 11:03:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/12 11:03:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/12 11:03:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/12 10:54:46 | 006,225,384 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2011/03/12 10:49:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/12 10:49:21 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/03/10 22:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Tech
[2011/03/10 22:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Geek
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
[2011/03/09 18:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\old
[2011/03/03 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/03 12:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/03 10:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/03 10:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/03 09:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Qyex
[2011/03/03 09:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Axbea
[2011/03/03 09:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/03 09:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/03 09:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2011/03/03 09:39:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/03 09:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/03 09:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/03 09:39:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/03 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/03 09:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/03 09:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/03 09:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/27 11:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hFpBaPb06308

========== Files - Modified Within 30 Days ==========

[2011/03/12 19:44:35 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F96E3C4-052F-4733-A97C-8F467FB28FB3}.job
[2011/03/12 19:42:36 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/03/12 19:41:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/03/12 19:40:49 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/12 19:40:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/12 19:40:42 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/12 11:10:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/12 11:05:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/12 10:54:49 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2011/03/12 10:53:19 | 000,530,078 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AVGInstLog.cab
[2011/03/12 10:46:40 | 004,286,091 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/03/12 10:43:08 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2011/03/11 14:30:06 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe
[2011/03/11 14:29:45 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip
[2011/03/10 22:54:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/10 22:41:29 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2011/03/10 22:25:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\bfkc4zf2.exe
[2011/03/10 22:09:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/03 12:46:50 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/03 09:39:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/03 09:13:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/13 09:27:20 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 16:11:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 11:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/12 10:50:46 | 000,199,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2011/03/12 11:03:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/12 11:03:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/12 11:03:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/12 11:03:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/12 11:03:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/12 10:53:13 | 000,530,078 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AVGInstLog.cab
[2011/03/12 10:46:40 | 004,286,091 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/03/12 10:43:08 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2011/03/11 14:29:36 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\tdsskiller.zip
[2011/03/10 22:41:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2011/03/10 22:25:37 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\bfkc4zf2.exe
[2011/03/03 10:24:35 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/03 09:39:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/03 09:13:33 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2009/09/17 16:16:01 | 000,035,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/12 14:46:16 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/06/12 14:46:16 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/06/12 14:46:16 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/06/12 14:46:16 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/06/12 14:46:16 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/06/12 14:46:16 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/06/12 14:46:16 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/06/12 14:46:16 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/06/12 14:46:16 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/06/12 14:46:16 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/06/12 14:46:16 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/06/12 14:46:16 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/06/12 14:46:16 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/06/12 14:46:16 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/06/12 14:46:16 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/06/12 14:46:16 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/03/13 13:30:07 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/08/13 10:47:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini
[2008/04/07 14:27:20 | 000,124,880 | ---- | C] () -- C:\WINDOWS\bw6uinst.exe
[2008/04/07 13:58:46 | 000,000,078 | ---- | C] () -- C:\WINDOWS\readplay.ini
[2007/10/10 13:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/08/07 07:58:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/08/07 07:40:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/01/24 13:35:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/19 16:24:58 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/03 19:24:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/03 19:22:43 | 000,008,818 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/12/29 18:17:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/12/29 18:15:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lfd.dat
[2006/12/29 18:15:23 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\oiso.bin
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/10/04 10:19:53 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/10/02 12:55:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/02 12:44:56 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2006/10/02 12:44:56 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2006/10/02 12:44:56 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/10/02 12:44:23 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/10/02 12:44:23 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/10/02 12:44:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/02 12:40:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX620EI.ini
[2006/10/02 12:22:48 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2006/05/24 21:03:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/24 20:40:41 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/24 20:36:21 | 000,012,986 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/24 20:36:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/24 20:30:27 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/05/24 20:27:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/24 20:22:15 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/05/24 20:20:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/24 20:18:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/24 20:18:02 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/24 20:18:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/24 20:18:02 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/24 20:18:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/24 20:18:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/24 20:18:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/24 20:18:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/24 20:18:01 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/24 20:18:01 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/05/24 20:18:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/24 20:02:40 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/24 19:59:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/24 19:59:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/24 19:59:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 16:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 16:36:34 | 000,382,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 16:36:34 | 000,053,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 16:34:46 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 16:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 16:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 12:10:06 | 000,000,573 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/10/19 09:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 09:52:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/03 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hFpBaPb06308
[2006/10/02 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/10/07 06:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/17 08:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/03 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Axbea
[2007/01/21 13:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\EPSON
[2006/11/02 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FUJIFILM
[2006/10/30 12:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2011/03/03 10:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Qyex
[2007/08/07 08:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Samsung
[2007/02/06 09:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smart Panel
[2007/01/03 19:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2007/08/08 15:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
[2011/03/12 19:44:35 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7F96E3C4-052F-4733-A97C-8F467FB28FB3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/05 16:32:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/02 18:00:32 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2011/03/12 11:05:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 04:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/06/18 14:52:13 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2011/03/12 11:13:17 | 000,012,120 | ---- | M] () -- C:\ComboFix.txt
[2005/12/05 16:32:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/03 09:13:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/12 19:40:42 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/05 16:32:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/26 13:17:37 | 000,000,725 | -H-- | M] () -- C:\IPH.PH
[2005/12/05 16:32:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/19 15:30:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/16 18:14:00 | 000,230,432 | ---- | M] () -- C:\PA207.DAT
[2011/03/12 19:40:41 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2011/03/11 14:34:06 | 000,040,980 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_11.03.2011_14.30.41_log.txt
[2008/06/16 13:59:42 | 000,000,382 | ---- | M] () -- C:\twacker.log

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >
[2006/02/19 02:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/12/05 16:31:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/12/05 16:23:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/05 16:23:36 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/19 15:38:52 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/09/22 11:17:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/12/05 16:35:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/12 10:54:49 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2011/03/10 22:25:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\bfkc4zf2.exe
[2011/03/12 10:46:40 | 004,286,091 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/03/12 10:43:08 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBRCheck.exe
[2011/03/12 19:41:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/03/11 14:30:06 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Owner\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/09/22 11:17:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Desktop.ini
[2006/05/24 20:44:21 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Visit eBay.co.uk.lnk
[2006/05/24 20:45:02 | 000,001,884 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Yahoo! UK & Ireland.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/03/12 19:44:32 | 000,491,520 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 17:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 17:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 17:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 17:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 17:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 17:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 17:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 09:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\YELLOW BRICK RD.dvd:Afp_AfpInfo

< End of report >
 
Good news then :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-2077987376-2347476677-2580861467-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/03/03 09:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Qyex
    [2011/03/03 09:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Axbea
    [2011/02/27 11:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hFpBaPb06308
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\YELLOW BRICK RD.dvd:Afp_AfpInfo
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Broni,

Ok I will do that but before then I have just re-installed AVG 2011 and it has found what I think are false positives, I have seen this virus popping up on many discussions lately on your forum and I have attached the log file for your viewing.

I'm now worried the AVG has quarantined files and programs I use, see what you think.

Just for your information I have NOT completed your above mentioned task and await further instructions.

Thanks,


"Scan ""Whole computer scan"" completed."
"Infections";"158";"158";"0"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"12 March 2011, 20:10:07"
"Scan finished:";"12 March 2011, 21:17:30 (1 hour(s) 7 minute(s) 22 second(s))"
"Total object scanned:";"602046"
"User who launched the scan:";"Compaq_Owner"

"Infections"
"";"File";"Infection";"Result"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190315.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190314.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190313.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190312.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190311.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190310.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190309.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190308.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190307.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190306.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190305.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190304.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190303.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190302.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190301.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190300.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190299.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190298.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190297.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190296.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190295.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190294.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190293.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190292.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190291.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190290.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190289.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190288.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190287.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190286.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190285.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190284.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190283.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190282.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190281.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190280.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190279.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190278.exe";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190277.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190276.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\xcopy.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\winlogon.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\userinit.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\taskmgr.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\svchost.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\spoolsv.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\services.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\RPONOFF.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\regsvr32.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\regedt32.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\PROUnstl.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\PING.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\PEER.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\ODBCAD32.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\NET.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\mount.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\makecab.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\LogViewer.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\FATFMT32.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\expand.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\DSKPART.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\drivers\PROUnstl.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\dmadmin.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\DISKPART.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\CLIPSRV.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\chkdsk.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\system32\attrib.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\PC-Doctor 5 for Win PE\RunProfiler.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\PC-Doctor 5 for Win PE\PCDrNDISUIOInstaller.exe";"Virus found Win32/Murof";"Healed"
"";"D:\MiniNT\PC-Doctor 5 for Win PE\pcdrexdx.exe";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGESN.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGENU.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGDEU.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGDAN.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGCHT.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\IMGCHS.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP02791\src\BIN\CONTENT.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP00682\SUPPORT\TOOLS\MSRDPCLI.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP00682\SUPPORT\TOOLS\FASTWIZ.EXE";"Virus found Win32/Murof";"Healed"
"";"D:\I386\APPS\APP00682\SUPPORT\TOOLS\ACT20.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\Temp\ytb612_efgsip.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Temp\psa30se_en_us.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Temp\AdbeRdr708_en_US.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190275.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190274.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190273.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190272.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190271.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190270.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190269.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190268.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190267.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190266.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190265.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190264.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190263.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190262.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190261.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190260.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190259.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190258.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190257.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190256.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190255.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190254.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190253.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190252.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190251.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190250.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190249.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190248.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190247.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190246.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190245.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190244.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190243.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190242.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190241.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190240.exe";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP708\A0190239.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP703\A0189632.exe";"Trojan horse Cryptic.CHT";"Moved to Virus Vault"
"";"C:\Python22\w9xpopen.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Python22\UNWISE.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\Python22\Removepywin32.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Python22\pythonw.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Python22\python.exe";"Virus found Win32/Murof";"Healed"
"";"C:\Python22\Lib\site-packages\win32\win32popenWin9x.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\VINETLINK\autorun.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\register\REGINIT.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\WizardLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\SysRecoveryLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\RunLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\RTCDLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\RestoreLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\RecordnowLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\CreatorLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\CDLogic.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\wizard\fscommand\AppRecoveryLink.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\recovery\bin\PE_Patch.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\drivers\video_nVidia_UMA\setup.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\drivers\video_nVidia_UMA\nvudisp.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\drivers\Realtek_HD_Audio\SoundMan.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\drivers\Realtek_HD_Audio\RtlUpd.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\drivers\Realtek_HD_Audio\Alcmtr.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\SetIni.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\SendKey.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\RPCOPY.EXE";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\Python-2.2.3.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\KillWind.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\HPLocale.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\HPCONTXT.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\FullScreen.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\Finis.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\Dumpel.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\CleanRec.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\autorun.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\automod32.exe";"Virus found Win32/Murof";"Healed"
"";"C:\hp\bin\ASK.EXE";"Virus found Win32/Murof";"Healed"
 
Broni,

I presume you have heard of this recent problem then?

The only file I can see it has removed to the vault is shown below.

"";"C:\System Volume Information\_restore{D5F7A20F-1294-41E9-A947-A77075103E2E}\RP703\A0189632.exe";"Trojan horse Cryptic.CHT";"Moved to Virus Vault"

I did experience this before I posted on this forum and tried to restore the files but with no success.

I will now continue with the rest of your fix and post the results in a few minutes.

Thanks.
 
That particular entry doesn't matter. It's one of your restore points, so no harm done, if it was removed.
 
Broni,

I have now completed the following,

Java update completed but during the removal the JavaRa program crashed at the end I think I have included the log file generated.

OTL scans and fix completed log files shown below

Security check scans completed log files shown below.

I have NOT completed an ESET scan yet as I know this could take some time, I thought I would let you look through the log files first and post the results of the ESET scan later.

Thanks.


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Mar 12 23:07:38 2011

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_07

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_07

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Mar 12 23:08:19 2011

------------------------------------

Finished reporting.



All processes killed
========== OTL ==========
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
C:\WINDOWS\system32\drivers\pavboot.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2077987376-2347476677-2580861467-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-2077987376-2347476677-2580861467-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Compaq_Owner\Application Data\Qyex folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Axbea folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\hFpBaPb06308\ not found.
ADS C:\Documents and Settings\Compaq_Owner\My Documents\YELLOW BRICK RD.dvd:Afp_AfpInfo deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 10520243 bytes
->Temporary Internet Files folder emptied: 12044108 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 566 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2424966 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 28064 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03122011_231024

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````
 
Good going :)

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
 
Broni,

I'm unable to run the ESET scanner firstly your link seems to be broken and I get the following message when trying to run the scanner followed by an error not allowing me to continue.

See what you think.

Error Message reads:

You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.

To download ESET Smart Installer click the link below.

esetsmartinstaller_enu.exe
After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.
 
Broni,

I get the following error message when I try to run the installer if this helps,

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\FR40LYZF\esetsmartinstaller_enu[1].exe is not a valid Win32 application.
 
Try this scan instead....

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Free scan now button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View report.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
Broni,

BitDefender failed to update its virus definitions although it is giving me the option to continue the scan anyway although the results will properly not be 100% accurate.

Do you want me to continue with the scan?
 
Broni,

Just a side note I have disabled AVG real time protection although you did say in one of your earlier posts that AVG may interfere with other scans, could this be the case and should I remove it?
 
Status
Not open for further replies.
Back