
Solved Possible Virus problem

Discussion in 'Malware and Virus Removal Archive' started by markemark, 2010/10/10.

  1. 2010/10/10, markemark (Thread Starter)

    I was on YouTube and clicked on a video. Some scan started on my computer. I was not able to stop the scan. I disconnected the computer from the internet and attempted to open my Task Manager; it would not open. I tried to open Add or Remove Programs; it would not open.

    I was not able to access System Restore. So I shut down the computer and rebooted in Safe Mode. I was able to use System Restore from Safe Mode and everything seems to be working.

    I need to know if something was left behind after the System Restore.

    Here is the DDS log


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Mark Farrar at 8:43:01.06 on Sun 10/10/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2404 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Mark Farrar\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.live.com
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\markfa~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Filter: text/html - {f37f0ce1-ea57-4139-bfd2-6b281ddd2987} -
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-26 165584]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-10-10 233136]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-10 40384]
    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-26 12672]
    R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-9-16 8960]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-10-10 88040]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-10-10 818432]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-10 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-10 40384]
    R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-9-16 11264]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-10-10 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-10-10 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-10-10 115216]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-9-16 16640]

    =============== Created Last 30 ================

    2010-10-10 13:21:01 -------- d-----w- c:\docume~1\markfa~1\applic~1\PCToolsFirewallPlus
    2010-10-10 13:19:30 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-10 13:19:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-10 13:12:04 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-10-10 13:12:04 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-10-10 13:12:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-10-10 13:11:53 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2010-10-10 13:11:53 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2010-10-10 13:11:53 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2010-10-10 13:11:53 -------- d-----w- c:\program files\common files\PC Tools
    2010-10-10 13:11:52 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2010-10-10 13:11:49 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2010-10-10 13:05:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-10 13:05:00 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 8:43:33.79 ===============

    Other DDS log


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/26/2009 4:01:48 PM
    System Uptime: 10/10/2010 8:24:05 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0N185P
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2926/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 406.641 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP265: 7/12/2010 6:06:49 PM - System Checkpoint
    RP266: 7/13/2010 7:49:38 PM - System Checkpoint
    RP267: 7/14/2010 8:16:33 AM - Software Distribution Service 3.0
    RP268: 7/15/2010 9:08:55 AM - System Checkpoint
    RP269: 7/16/2010 2:17:04 PM - System Checkpoint
    RP270: 7/17/2010 3:43:17 PM - System Checkpoint
    RP271: 7/18/2010 7:10:42 PM - System Checkpoint
    RP272: 7/19/2010 7:35:21 PM - System Checkpoint
    RP273: 7/20/2010 9:04:57 PM - System Checkpoint
    RP274: 7/21/2010 10:54:44 PM - System Checkpoint
    RP275: 7/23/2010 3:05:48 PM - System Checkpoint
    RP276: 7/24/2010 3:40:25 PM - System Checkpoint
    RP277: 7/25/2010 6:45:41 PM - System Checkpoint
    RP278: 7/26/2010 7:34:19 PM - System Checkpoint
    RP279: 7/27/2010 9:48:41 PM - System Checkpoint
    RP280: 7/29/2010 7:57:49 AM - System Checkpoint
    RP281: 7/30/2010 9:10:50 AM - System Checkpoint
    RP282: 7/31/2010 2:43:28 PM - System Checkpoint
    RP283: 8/1/2010 5:31:15 PM - System Checkpoint
    RP284: 8/2/2010 5:47:50 PM - System Checkpoint
    RP285: 8/3/2010 8:08:45 AM - Software Distribution Service 3.0
    RP286: 8/4/2010 3:06:13 PM - System Checkpoint
    RP287: 8/5/2010 4:32:10 PM - System Checkpoint
    RP288: 8/6/2010 5:42:04 PM - System Checkpoint
    RP289: 8/7/2010 11:05:29 PM - System Checkpoint
    RP290: 8/9/2010 7:52:08 AM - System Checkpoint
    RP291: 8/10/2010 5:44:06 PM - System Checkpoint
    RP292: 8/11/2010 6:20:00 PM - System Checkpoint
    RP293: 8/11/2010 11:23:48 PM - Software Distribution Service 3.0
    RP294: 8/13/2010 7:08:56 AM - System Checkpoint
    RP295: 8/14/2010 9:46:50 AM - System Checkpoint
    RP296: 8/15/2010 10:30:38 AM - System Checkpoint
    RP297: 8/16/2010 3:17:56 PM - System Checkpoint
    RP298: 8/17/2010 4:23:01 PM - System Checkpoint
    RP299: 8/18/2010 5:11:22 PM - System Checkpoint
    RP300: 8/19/2010 5:11:33 PM - System Checkpoint
    RP301: 8/20/2010 7:12:00 PM - System Checkpoint
    RP302: 8/21/2010 9:07:37 PM - System Checkpoint
    RP303: 8/22/2010 9:48:47 PM - System Checkpoint
    RP304: 8/23/2010 10:10:56 PM - System Checkpoint
    RP305: 8/24/2010 10:49:11 PM - System Checkpoint
    RP306: 8/26/2010 8:42:17 AM - System Checkpoint
    RP307: 8/27/2010 3:39:55 PM - System Checkpoint
    RP308: 8/28/2010 5:18:29 PM - System Checkpoint
    RP309: 8/29/2010 6:51:25 PM - System Checkpoint
    RP310: 8/30/2010 8:06:59 PM - System Checkpoint
    RP311: 9/1/2010 9:15:31 AM - System Checkpoint
    RP312: 9/2/2010 10:39:21 AM - System Checkpoint
    RP313: 9/3/2010 10:37:20 PM - System Checkpoint
    RP314: 9/5/2010 11:56:00 AM - System Checkpoint
    RP315: 9/6/2010 4:43:43 PM - System Checkpoint
    RP316: 9/7/2010 5:07:15 PM - System Checkpoint
    RP317: 9/8/2010 6:01:08 PM - System Checkpoint
    RP318: 9/9/2010 6:01:59 PM - System Checkpoint
    RP319: 9/10/2010 8:14:47 PM - System Checkpoint
    RP320: 9/12/2010 10:41:04 AM - System Checkpoint
    RP321: 9/13/2010 11:55:39 AM - System Checkpoint
    RP322: 9/13/2010 11:48:49 PM - Software Distribution Service 3.0
    RP323: 9/15/2010 8:49:00 AM - System Checkpoint
    RP324: 9/15/2010 11:22:19 PM - Software Distribution Service 3.0
    RP325: 9/17/2010 8:20:41 AM - System Checkpoint
    RP326: 9/18/2010 9:56:53 AM - System Checkpoint
    RP327: 9/19/2010 10:17:03 AM - System Checkpoint
    RP328: 9/20/2010 11:13:17 AM - System Checkpoint
    RP329: 9/21/2010 12:48:15 PM - System Checkpoint
    RP330: 9/22/2010 2:08:01 PM - System Checkpoint
    RP331: 9/23/2010 3:26:47 PM - System Checkpoint
    RP332: 9/24/2010 5:54:57 PM - System Checkpoint
    RP333: 9/25/2010 9:38:09 PM - System Checkpoint
    RP334: 9/26/2010 10:42:31 PM - System Checkpoint
    RP335: 9/28/2010 9:14:06 AM - System Checkpoint
    RP336: 9/29/2010 10:32:22 AM - System Checkpoint
    RP337: 9/29/2010 9:30:14 PM - Software Distribution Service 3.0
    RP338: 9/30/2010 10:28:42 PM - System Checkpoint
    RP339: 10/2/2010 7:54:15 AM - System Checkpoint
    RP340: 10/3/2010 8:27:03 AM - System Checkpoint
    RP341: 10/4/2010 8:47:23 AM - System Checkpoint
    RP342: 10/5/2010 10:15:43 AM - System Checkpoint
    RP343: 10/6/2010 11:47:14 AM - System Checkpoint
    RP344: 10/6/2010 9:18:36 PM - Software Distribution Service 3.0
    RP345: 10/7/2010 10:05:25 PM - Software Distribution Service 3.0
    RP346: 10/9/2010 8:39:49 AM - System Checkpoint
    RP347: 10/10/2010 8:04:17 AM - Restore Operation
    RP348: 10/10/2010 8:19:27 AM - avast! Free Antivirus Setup

    ==== Installed Programs ======================


    µTorrent
    7-Zip 4.65
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Amazon MP3 Downloader 1.0.10
    AnyDVD
    Apple Application Support
    Applian FLV Player
    Ask Toolbar
    ATI Catalyst Control Center
    ATI Display Driver
    AutoUpdate
    avast! Free Antivirus
    Belkin F5D8053 N Wireless USB Adapter
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CloneDVD2
    CloneDVDmobile
    CPUID CPU-Z 1.52.2
    Dell Backup and Recovery Manager
    Dell Driver Download Manager
    Dell Support Center (Support Software)
    Diagnostics Utility
    DivX Codec
    DivX Version Checker
    DVD Flick 1.3.0.7
    FrostWire 4.18.3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel® Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 13
    Junk Mail filter update
    LightScribe System Software 1.10.16.1
    MagicDisc 2.7.106
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    Nero 8 Essentials
    neroxml
    Orbit Downloader
    PC Tools Firewall Plus 6.0
    PDFCreator
    pdfforge Toolbar v1.1.2
    PowerDVD DX
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SIM editor 4.0
    Skins
    Sonic CinePlayer Decoder Pack
    Switch Sound File Converter
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    WavePad Sound Editor
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows Search 4.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    YouTube Downloader 2.5.3

    ==== Event Viewer Messages From Past Week ========

    10/8/2010 8:22:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    10/7/2010 8:17:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    10/7/2010 8:16:37 AM, error: Dhcp [1002] - The IP address lease 192.168.254.101 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    10/5/2010 6:17:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    10/4/2010 8:06:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    10/3/2010 8:03:39 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    10/10/2010 8:29:38 AM, error: Service Control Manager [7000] - The Diag69xp service failed to start due to the following error: Access is denied.
    10/10/2010 8:19:37 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/10/2010 8:06:32 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    10/10/2010 8:01:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/10/2010 8:01:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2010 8:00:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/10/2010 8:00:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/10/2010 8:00:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================
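As an added example, not part of the original thread, the Event Viewer block above is where a responder separates boot-time noise from entries worth chasing. Win32 error 1084 (the "%1084" in the DCOM 10005 lines) is ERROR_NOT_SAFEBOOT_SERVICE, "This service cannot be started in Safe Mode", and the 7026/7001 entries logged in the same minute list the network stack (Tcpip, AFD, NetBT, NetBIOS) plus third-party boot-start drivers that a plain Safe Mode boot does not load, which is consistent with the safe-mode restart the poster describes. The script parses lines in the DDS event format, groups them into per-minute boot clusters, tags the entries a Safe Mode start explains, and leaves the rest (the DHCPNACK series, the Diag69xp access-denied start, the Windows Search failure) for review. The sample lines are copied from the log above; the tagging rules are my own heuristics, not DDS output, and a "safe-mode-boot" tag is a hypothesis to confirm against the boot record, not proof that nothing tampered with those drivers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the DDS "Event Viewer Messages From Past Week" block above.
SAMPLE_EVENTS = """\
10/8/2010 8:22:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
10/10/2010 8:29:38 AM, error: Service Control Manager [7000] - The Diag69xp service failed to start due to the following error: Access is denied.
10/10/2010 8:19:37 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/10/2010 8:06:32 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
10/10/2010 8:01:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/10/2010 8:01:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 8:01:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/10/2010 8:00:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<text>.*)$"
)

# Win32 error 1084 = ERROR_NOT_SAFEBOOT_SERVICE ("This service cannot be started in Safe Mode").
SAFEBOOT_ERROR = '"%1084"'
# Network-stack drivers that a plain Safe Mode boot never loads; their absence explains
# the 7026 list and the 7001 dependency failures logged in the same minute (heuristic).
NETWORK_STACK = {"tcpip", "afd", "netbt", "netbios", "ipsec", "rasacd", "rdbss", "mrxsmb"}
NETWORK_DEPENDENCY_WORDS = ("tcp/ip", "afd", "ipsec", "netbios")

def parse_event(line):
    """Parse one DDS event line into a dict, or return None if it is not an event line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
    d["event_id"] = int(d["event_id"])
    return d

def classify(ev):
    """Return 'safe-mode-boot' for entries a Safe Mode start explains, 'review' otherwise."""
    src, eid, text = ev["source"], ev["event_id"], ev["text"]
    if src == "DCOM" and eid == 10005 and SAFEBOOT_ERROR in text:
        return "safe-mode-boot"
    if src == "Service Control Manager" and eid == 7026:
        failed = {w.lower() for w in text.split(":", 1)[-1].split()}
        if failed & NETWORK_STACK:
            return "safe-mode-boot"
    if src == "Service Control Manager" and eid == 7001 and "failed to start" in text:
        if any(word in text.lower() for word in NETWORK_DEPENDENCY_WORDS):
            return "safe-mode-boot"   # depends on a network driver that was not loaded
    return "review"

def triage(text):
    """Parse a DDS event block; return (tagged events, events grouped per minute)."""
    events = [e for e in (parse_event(l) for l in text.splitlines()) if e]
    for ev in events:
        ev["tag"] = classify(ev)
    clusters = defaultdict(list)
    for ev in events:
        clusters[ev["ts"].strftime("%Y-%m-%d %H:%M")].append(ev)
    return events, dict(clusters)

def review_items(text):
    """Entries left for the analyst, oldest first, as (source, event id, start of message)."""
    events, _ = triage(text)
    ordered = sorted(events, key=lambda e: e["ts"])
    return [(e["source"], e["event_id"], e["text"][:60]) for e in ordered if e["tag"] == "review"]

if __name__ == "__main__":
    events, clusters = triage(SAMPLE_EVENTS)
    for key in sorted(clusters):
        tags = sorted({e["tag"] for e in clusters[key]})
        print(f"{key}: {len(clusters[key])} event(s), {', '.join(tags)}")
    for item in review_items(SAMPLE_EVENTS):
        print("REVIEW:", item)
```

On this input the 08:00 and 08:01 clusters come out entirely as safe-mode artifacts, while the four "review" items are the ones a responder would actually look into: a DHCPNACK series on two different subnets, a Realtek diagnostic driver (Diag69xp) refused with access denied, a failed service-registry write, and Windows Search terminating.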
     
  2. 2010/10/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/10/10
    markemark

    markemark Inactive Thread Starter

    Joined:
    2010/10/10
    Messages:
    16
    Likes Received:
    0
    Frostwire and utorrent have been removed from my system
     
  5. 2010/10/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Wait for further instructions from a Malware removal expert, but you're not running XP SP3 (thus vulnerable), and your Java is ancient (and thus easy to compromise). But do not make any other changes to your system just yet.
     
  6. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Ask Toolbar, known adware.

    =================================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/10/10
    markemark

    markemark Inactive Thread Starter

    Joined:
    2010/10/10
    Messages:
    16
    Likes Received:
    0
    Here is the log from Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4791

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/10/2010 1:30:27 PM
    mbam-log-2010-10-10 (13-30-27).txt

    Scan type: Quick scan
    Objects scanned: 150734
    Time elapsed: 4 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.
    C:\Documents and Settings\Mark Farrar\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


    Here is the only log I could get from GMER. It quit working twice, so the third time I ran it in safe mode.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-10 17:01:48
    Windows 5.1.2600 Service Pack 3
    Running: 2r9vlypg.exe; Driver: C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\fwrcipoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \Fat F680DD20

    ---- EOF - GMER 1.0.15 ----

    Here is the MBR Check log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 144):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7358000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7347000 pci.sys
    0xF7487000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7497000 MountMgr.sys
    0xF7328000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF7302000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF74A7000 VolSnap.sys
    0xF72EA000 atapi.sys
    0xF720F000 iaStor.sys
    0xF71F7000 jraid.sys
    0xF71DF000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF74B7000 disk.sys
    0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF71BF000 fltMgr.sys
    0xF71AD000 sr.sys
    0xF798D000 DLACDBHM.SYS
    0xF7196000 DRVMCDB.SYS
    0xF74D7000 PxHelp20.sys
    0xF717F000 KSecDD.sys
    0xF70F2000 Ntfs.sys
    0xF70C5000 NDIS.sys
    0xF70AB000 Mup.sys
    0xF7637000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5A1C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF5A08000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF59E0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF59BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7827000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF599C000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF7647000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF794B000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF5983000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0xF7657000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7667000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF5960000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF782F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B28000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7957000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5949000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7837000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5938000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF783F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7847000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF5908000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF658D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF784F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7857000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF657D000 \SystemRoot\system32\DRIVERS\pctNdis.sys
    0xF58EB000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xF79C5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF588D000 \SystemRoot\system32\DRIVERS\update.sys
    0xF5DF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF656D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79C7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF76F7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAD058000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0xAD034000 \SystemRoot\system32\drivers\portcls.sys
    0xADF82000 \SystemRoot\system32\drivers\drmk.sys
    0xACABA000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA80B3000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA597E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA6212000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA80A7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF79B5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA444E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79B7000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA61FA000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xA61F2000 \SystemRoot\System32\drivers\vga.sys
    0xF79B9000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA4DD7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA4DCF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA5BF7000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA3405000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA33AC000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA3375000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
    0xA334F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA596E000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA3327000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA3305000 \SystemRoot\System32\drivers\afd.sys
    0xA45DB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA32DA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA326A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA45CB000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA4DBF000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0xA3243000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA4DAF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x99E49000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x98209000 \SystemRoot\system32\DRIVERS\rt2870.sys
    0x9ACDB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x99DE9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x9A2C9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9812E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA40E2000 \SystemRoot\System32\drivers\Dxapi.sys
    0xADB34000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x98BD8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF065000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FE000 \SystemRoot\System32\atikvmag.dll
    0xBF182000 \SystemRoot\System32\atiok3x2.dll
    0xBF1CD000 \SystemRoot\System32\ati3duag.dll
    0xBF571000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xACF8C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x98376000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7B0A000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0x95F04000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xF77D7000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xACF78000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xAD113000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xAD10B000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0x95EEE000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0x95ED7000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0x9A253000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x95EC0000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x95943000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x95A68000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
    0x957D4000 \SystemRoot\system32\DRIVERS\srv.sys
    0x957BF000 \SystemRoot\system32\drivers\wdmaud.sys
    0x95B68000 \SystemRoot\system32\drivers\sysaudio.sys
    0x9546D000 \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
    0x95C78000 \??\C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
    0x9542A000 \??\C:\WINDOWS\system32\drivers\pctplfw.sys
    0x94C81000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF774F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x94936000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    960 C:\WINDOWS\system32\smss.exe
    1312 csrss.exe
    1344 C:\WINDOWS\system32\winlogon.exe
    1388 C:\WINDOWS\system32\services.exe
    1400 C:\WINDOWS\system32\lsass.exe
    1636 C:\WINDOWS\system32\ati2evxx.exe
    1656 C:\WINDOWS\system32\svchost.exe
    1704 svchost.exe
    1908 C:\WINDOWS\system32\svchost.exe
    2000 svchost.exe
    240 svchost.exe
    320 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    372 C:\WINDOWS\system32\ati2evxx.exe
    748 C:\WINDOWS\explorer.exe
    936 C:\Program Files\Java\jre6\bin\jusched.exe
    948 C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
    956 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    992 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    996 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    1052 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    1076 C:\WINDOWS\RTHDCPL.EXE
    1092 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1132 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    1216 C:\Program Files\iTunes\iTunesHelper.exe
    1236 C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    1268 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1276 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    1300 C:\WINDOWS\system32\ctfmon.exe
    1296 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    1532 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    1892 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2040 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    600 C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    728 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    1044 C:\Program Files\MagicDisc\MagicDisc.exe
    2864 C:\WINDOWS\system32\spoolsv.exe
    2944 svchost.exe
    2980 C:\Program Files\Application Updater\ApplicationUpdater.exe
    3048 C:\Program Files\Java\jre6\bin\jqs.exe
    3068 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3080 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    3516 C:\Program Files\PC Tools Firewall Plus\FWService.exe
    3692 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    392 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    720 wdfmgr.exe
    348 C:\WINDOWS\system32\searchindexer.exe
    1964 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2128 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3348 C:\WINDOWS\system32\wuauclt.exe
    3448 C:\Program Files\iPod\bin\iPodService.exe
    4576 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    5224 alg.exe
    4784 C:\Program Files\Internet Explorer\iexplore.exe
    4920 C:\Program Files\Windows Live\Toolbar\wltuser.exe
    4224 C:\WINDOWS\system32\searchprotocolhost.exe
    4248 searchfilterhost.exe
    4480 C:\Documents and Settings\Mark Farrar\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
    Last edited: 2010/10/10
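As an added example, not part of the original thread or of Malwarebytes, the log above is worth reading as a persistence chain rather than a flat list of hits. One CLSID, {b922d405-6d13-4a2b-ae89-08a030da4402}, appears four times: its COM class registration under HKCR\CLSID, the Browser Helper Objects key and the Internet Explorer\Toolbar value (the two load points that make iexplore.exe load the DLL), and an Ext\Stats entry that is only IE's add-on bookkeeping. The DLL itself is marked "Delete on reboot" twice because it was loaded in memory when the scan ran, so its removal is pending until the restart and should be confirmed afterwards. The script parses MBAM detection lines, groups registry hits by GUID with a role for each path, reports the paths still awaiting deletion, and counts detections per family. The sample lines are copied from the log above; the role names and the "complete IE extension" rule are my own.

```python
import re
from collections import Counter, defaultdict

# Detection lines copied from the Malwarebytes log posted above (header and
# zero-count sections omitted).
SAMPLE_MBAM = r"""
Memory Modules Infected:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Documents and Settings\Mark Farrar\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "<item> (<family>) -> <action>." is the shape of every MBAM 1.x detection line.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Role of a registry path in an IE add-on's persistence (my own labels).
ROLE_RULES = [
    (re.compile(r"\\clsid\\\{", re.I), "com-class"),                 # COM registration of the DLL
    (re.compile(r"\\browser helper objects\\\{", re.I), "bho-load-point"),
    (re.compile(r"\\internet explorer\\toolbar\\\{", re.I), "ie-toolbar"),
    (re.compile(r"\\ext\\stats\\\{", re.I), "ie-addon-stats"),       # IE bookkeeping, not a load point
]
LOAD_POINTS = {"bho-load-point", "ie-toolbar"}

def parse_mbam(text):
    """Return one dict per detection line: section, item, family, action, guid."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue   # summary counts and "(No malicious items detected)" fall through here
        g = GUID_RE.search(m["item"])
        entries.append({"section": section, "item": m["item"], "family": m["family"],
                        "action": m["action"], "guid": g.group(0).lower() if g else None})
    return entries

def pending_reboot(entries):
    """Paths MBAM could not remove because they were in use (loaded DLLs); each is
    reported once and must be confirmed gone after the reboot."""
    return sorted({e["item"] for e in entries if e["action"].lower().startswith("delete on reboot")})

def persistence_chain(entries):
    """Group registry hits by GUID and name the persistence role of each path."""
    chain = defaultdict(lambda: {"family": None, "roles": set(), "paths": []})
    for e in entries:
        if not e["guid"]:
            continue
        rec = chain[e["guid"]]
        rec["family"] = e["family"]
        rec["paths"].append(e["item"])
        for rule, role in ROLE_RULES:
            if rule.search(e["item"]):
                rec["roles"].add(role)
    return dict(chain)

def is_complete_ie_extension(roles):
    """COM registration plus at least one IE load point: the DLL would load on the next IE start."""
    return "com-class" in roles and bool(roles & LOAD_POINTS)

def family_counts(entries):
    """Detections per malware family, as reported by MBAM."""
    return Counter(e["family"] for e in entries)

if __name__ == "__main__":
    entries = parse_mbam(SAMPLE_MBAM)
    print("detections by family:", dict(family_counts(entries)))
    for guid, rec in persistence_chain(entries).items():
        state = "complete" if is_complete_ie_extension(rec["roles"]) else "partial"
        print(f"{guid} ({rec['family']}): {state} IE extension, roles={sorted(rec['roles'])}")
    for path in pending_reboot(entries):
        print("verify after reboot:", path)
```

Run against the log above it reports six Adware.WidgiToolbar hits and one Malware.Trace, a complete IE extension chain for the single GUID, and one DLL to verify after the restart. The same grouping is why a clean-up should look beyond what one scanner flagged: the toolbar's companion SearchSettings.exe Run entry and SearchSettings.dll in the same pdfforge folder were not in this MBAM log and only turn up in the ComboFix output further down the thread.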
  8. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/10
    markemark

    markemark Inactive Thread Starter

    Joined:
    2010/10/10
    Messages:
    16
    Likes Received:
    0
    I thank you for your time and your fast response. It is sincerely appreciated. Thank you

    During the scan, I got a message that a file was unreadable and I should run the Checkdisk utility. Where is this program located? Should I wait until you're done?

    Again thank you

    ComboFix 10-10-10.02 - Mark Farrar 10/10/2010 21:17:41.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2354 [GMT -5:00]
    Running from: c:\documents and settings\Mark Farrar\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\pdfforge Toolbar\SearchSettings.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
    .

    2010-10-10 20:56 . 2010-10-10 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-10-10 18:23 . 2010-10-10 18:23 -------- d-----w- c:\documents and settings\Mark Farrar\Application Data\Malwarebytes
    2010-10-10 18:23 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-10 18:23 . 2010-10-10 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-10 18:23 . 2010-10-10 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-10 18:23 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-10 14:06 . 2010-10-10 14:07 -------- d-----w- c:\program files\SpywareBlaster
    2010-10-10 14:04 . 2010-10-10 14:04 -------- d-----w- c:\program files\CCleaner
    2010-10-10 13:05 . 2010-10-10 13:05 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 873E59A956BF580184D81D5B0FE662DB . 1033216 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-06-15 4398016]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 148888]
    "8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Mark Farrar\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-9-27 576000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/26/2009 4:11 PM 165584]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/10/2010 8:12 AM 233136]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2009 4:11 PM 17744]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/10/2010 8:12 AM 88040]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [10/10/2010 8:11 AM 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/10/2010 8:11 AM 58816]
    S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [9/16/2009 5:02 PM 8960]
    S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [9/16/2009 5:02 PM 11264]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/10/2010 8:11 AM 115216]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [9/16/2009 5:02 PM 16640]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-09-20 02:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-10 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-03-13 c:\windows\Tasks\wavepadDowngrade.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2009-11-04 17:03]

    2010-08-08 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2009-11-04 17:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1344)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-10-10 21:20:20
    ComboFix-quarantined-files.txt 2010-10-11 02:20

    Pre-Run: 437,740,302,336 bytes free
    Post-Run: 438,061,568,000 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 844F3D17311CCDF9A0D17EF383889067
     
  10. 2010/10/10
    broni

    broni Moderator Malware Analyst

    You're very welcome :)

    Combofix log looks clean now.

    ===============================================================

    1. Click Start, click Run, type chkdsk /f /r, and then click OK.
    2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
    3. Restart the computer.
    4. Chkdsk will run.

    When done....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
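Most of the custom scan list above boils down to two questions: is a startup entry, driver or BHO pointing at something that no longer exists, and is an executable sitting where none should (Fonts, Temp, a second system32). The OTL log posted later in this thread answers them in a fixed line format, so a first pass can be scripted. The following Python is an added example for this thread, not OTL's code and not from OldTimer or broni; `classify`, `triage`, `summarize` and `SAMPLE_LOG` are my names, the regexes are an assumption about the line format shown in the thread, and the sample lines are constructed (the `update.example.com` hosts line is made up so the hosts check has something to report). It marks lines for a human to look at; it does not decide what is malware.

```python
"""Added example: first-pass triage of OTL-style log lines.

Not part of OTL or of this thread; the line format is modelled on the OTL
output posted in the thread and the sample lines below are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on OTL's SafeList output. The last line is a
# made-up hosts redirect (example.com is a reserved name) for the hosts check.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # OTL line prefix: O4, DRV, O1, IE, ...
    reason: str  # why the line deserves a second look
    line: str    # the log line, unchanged


# Trailing "(Publisher)" that ends most file entries; "( )" means OTL found none.
_PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
# A path component named Temp anywhere in the line (case-insensitive).
_TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# "O1 - Hosts: <address> <name>"
_HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# Line types whose payload is a file on disk (assumption based on the log format).
_FILE_KINDS = {"PRC", "MOD", "SRV", "DRV", "O2", "O3", "O4", "O20"}


def classify(line: str) -> List[Finding]:
    """Return zero or more review reasons for one OTL log line."""
    line = line.rstrip()
    if not line:
        return []
    kind = line.split(" ", 1)[0]
    findings: List[Finding] = []
    # Orphaned entries: the registry still points at something that is gone.
    # OTL reports the stock "autocheck autochk *" BootExecute entry this way
    # too, so this is a prompt to look, not a verdict.
    if "File not found" in line or "No CLSID value found" in line:
        findings.append(Finding(kind, "orphaned entry: target missing", line))
    if kind in _FILE_KINDS:
        m = _PUBLISHER_RE.search(line)
        if m and not m.group(1).strip():
            findings.append(Finding(kind, "no publisher name on file", line))
        if _TEMP_RE.search(line):
            findings.append(Finding(kind, "file loaded from a Temp folder", line))
    h = _HOSTS_RE.match(line)
    if h and h.group(2).lower() != "localhost":
        findings.append(Finding(kind, "hosts entry other than localhost", line))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a pasted log."""
    return [f for line in log_text.splitlines() for f in classify(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, handy for a quick overview of a long log."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {f.reason}: {f.line}")
    print(summarize(hits))
```

Run it as-is to see the seven hits on the constructed sample, or replace `SAMPLE_LOG` with a pasted OTL.txt. Entries it flags still need the usual judgement: a driver left in Temp by a cleanup tool run earlier, or a vendor that simply ships unsigned binaries, will show up alongside anything genuinely suspicious.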
     
  11. 2010/10/11
    markemark

    markemark Inactive Thread Starter

    Had to go to bed, it was getting late.

    Here is the OTL.txt

    Part 1

    OTL logfile created on: 10/11/2010 8:44:30 AM - Run 1
    OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\Mark Farrar\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.72 Gb Total Space | 407.96 Gb Free Space | 87.60% Space Free | Partition Type: NTFS

    Computer Name: MARKSCOMP | User Name: Mark Farrar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/11 08:42:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Farrar\Desktop\OTL.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/15 09:25:08 | 004,398,016 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2009/09/16 17:02:05 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
    PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
    PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/14 07:00:00 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/26 16:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
    PRC - [2007/09/17 19:15:30 | 001,732,608 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/11 08:42:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Farrar\Desktop\OTL.exe
    MOD - [2010/02/04 13:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MARKFA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/09 15:41:03 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
    DRV - [2010/01/01 12:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2009/05/26 00:36:18 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/05/26 00:35:52 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/05/25 17:16:06 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/05/03 20:57:54 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/08/18 18:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2008/08/18 17:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/14 07:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 07:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2007/12/03 11:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
    DRV - [2007/11/20 01:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
    DRV - [2007/11/20 01:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
    DRV - [2007/07/28 15:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/10/10 21:19:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe (Belkin)
    O4 - Startup: C:\Documents and Settings\Mark Farrar\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark Farrar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark Farrar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/11 08:42:00 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark Farrar\Desktop\OTL.exe
    [2010/10/10 21:32:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/10 21:17:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/10 21:13:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/10 21:13:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/10 21:13:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/10 21:13:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/10 21:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/10 21:12:55 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/10 21:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/10 15:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010/10/10 14:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/10 13:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Farrar\Application Data\Malwarebytes
    [2010/10/10 13:23:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/10 13:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/10 13:23:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/10 13:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/10 13:23:18 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark Farrar\Desktop\mbam-setup-1.46.exe
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010/10/10 09:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010/10/10 09:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2010/10/10 09:05:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark Farrar\Recent
    [2010/10/10 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/10/10 08:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Farrar\Application Data\PCToolsFirewallPlus
    [2010/10/10 08:19:30 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/10 08:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/10 08:12:04 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2010/10/10 08:12:04 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2010/10/10 08:12:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2010/10/10 08:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/10/10 08:11:53 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
    [2010/10/10 08:11:53 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
    [2010/10/10 08:11:53 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
    [2010/10/10 08:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/10/10 08:11:52 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
    [2010/10/10 08:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
    [2010/10/10 08:04:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/29 19:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Farrar\Desktop\rock wouldja
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/11 08:45:42 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\ntuser.dat
    [2010/10/11 08:42:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Farrar\Desktop\OTL.exe
    [2010/10/10 23:43:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/10 23:42:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/10/10 23:42:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/10/10 23:42:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/10 23:42:15 | 000,151,824 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/10/10 23:42:12 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/10 21:36:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mark Farrar\ntuser.ini
    [2010/10/10 21:31:37 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Backup and Recovery Manager.lnk
    [2010/10/10 21:19:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/10/10 21:19:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/10 21:17:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/10 21:10:47 | 003,876,864 | R--- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\ComboFix.exe
    [2010/10/10 17:08:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\MBRCheck.exe
    [2010/10/10 17:03:03 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/10/10 17:03:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/10 13:34:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\2r9vlypg.exe
    [2010/10/10 13:23:53 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/10 13:23:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark Farrar\Desktop\mbam-setup-1.46.exe
    [2010/10/10 09:18:32 | 000,579,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/10/10 09:18:32 | 000,496,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/10 09:18:32 | 000,091,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/10 09:06:45 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\SpywareBlaster.lnk
    [2010/10/10 09:04:05 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\CCleaner.lnk
    [2010/10/10 08:42:49 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\dds.pif
    [2010/10/10 08:19:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/10 08:19:37 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/10 08:12:29 | 000,152,772 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\hosts.zip
    [2010/10/10 08:10:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
    [2010/10/05 18:30:51 | 000,000,131 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/09/26 12:31:38 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/26 12:31:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/09/22 01:25:08 | 003,175,618 | -H-- | M] () -- C:\Documents and Settings\Mark Farrar\Local Settings\Application Data\IconCache.db
    [2010/09/15 15:10:10 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\ApplicationInWordandWebCompatible_001.doc
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/16 18:22:29 | 000,012,213 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\GOOD DOG.docx
    [2010/08/16 17:33:34 | 000,011,848 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\SPEAKING SPANISH.docx
    [2010/08/12 19:12:32 | 000,731,279 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\0812001903.3g2
    [2010/08/12 19:11:34 | 000,609,212 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\0812001903.jpg
    [2010/08/12 07:05:52 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 23:37:17 | 000,019,012 | -H-- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\C_on_Seat-2.jpg
    [2010/08/08 09:47:57 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2010/07/27 07:53:22 | 000,012,951 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\TOTALLY HITS 2010.docx
    [2010/07/25 12:12:16 | 003,442,840 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\totallyhits.docx
    [2010/07/25 10:31:44 | 000,665,649 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\0701002245.3g2
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/10 21:17:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/10 21:17:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/10 21:13:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/10 21:13:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/10 21:13:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/10 21:13:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/10 21:13:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/10 21:10:47 | 003,876,864 | R--- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\ComboFix.exe
    [2010/10/10 17:08:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\MBRCheck.exe
    [2010/10/10 17:03:49 | 3220,160,512 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/10 13:34:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\2r9vlypg.exe
    [2010/10/10 13:23:53 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/10 09:18:40 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/10/10 09:06:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\SpywareBlaster.lnk
    [2010/10/10 09:04:05 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\CCleaner.lnk
    [2010/10/10 08:42:46 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\dds.pif
    [2010/10/10 08:19:37 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/10 08:12:29 | 000,152,772 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\hosts.zip
    [2010/10/10 08:12:04 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2010/10/10 08:12:04 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2010/10/10 08:12:03 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2010/10/10 08:11:53 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
    [2010/10/10 08:11:53 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
    [2010/10/10 08:11:52 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
    [2010/10/05 10:15:41 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\ntuser.dat
    [2010/09/15 15:10:10 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\ApplicationInWordandWebCompatible_001.doc
    [2010/08/16 17:52:30 | 000,012,213 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\GOOD DOG.docx
    [2010/08/16 17:24:55 | 000,011,848 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\SPEAKING SPANISH.docx
    [2010/08/12 19:17:26 | 000,731,279 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\0812001903.3g2
    [2010/08/12 19:17:26 | 000,665,649 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\0701002245.3g2
    [2010/08/12 19:17:26 | 000,609,212 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\0812001903.jpg
    [2010/08/08 23:37:50 | 000,019,012 | -H-- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\C_on_Seat-2.jpg
    [2010/07/25 12:11:38 | 003,442,840 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\My Documents\totallyhits.docx
    [2010/01/31 15:47:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2009/10/28 09:30:16 | 000,001,042 | ---- | C] () -- C:\WINDOWS\entpack.ini
    [2009/10/16 13:17:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/10/16 13:17:54 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/26 19:25:38 | 000,000,131 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2009/09/16 19:53:55 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/09/16 19:51:56 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/09/16 17:08:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/09/16 17:03:44 | 000,000,298 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll

    ========== LOP Check ==========

    [2010/10/10 08:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/09/27 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2009/10/15 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2009/11/23 18:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/09/26 19:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2009/09/16 17:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/10/10 23:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/02 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/03/24 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\Amazon
    [2010/06/02 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\FMZilla
    [2010/10/07 18:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\FrostWire
    [2009/10/01 21:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\GrabPro
    [2009/11/23 18:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\NCH Swift Sound
    [2010/10/10 09:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\Orbit
    [2010/10/10 08:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\PCToolsFirewallPlus
    [2010/01/31 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\pdfforge
    [2010/01/31 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\Search Settings
    [2010/05/08 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\SlySoft
    [2010/10/10 09:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\uTorrent
    [2009/09/16 17:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\Windows Desktop Search
    [2009/09/26 16:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark Farrar\Application Data\Windows Search
    [2010/10/10 23:42:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/03/13 11:54:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
    [2010/08/08 09:47:57 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========
     
  12. 2010/10/11 markemark (Thread Starter)
    Part 2

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/10 17:03:03 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/10 21:17:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2008/01/18 22:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/10 21:20:20 | 000,008,361 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/09/16 19:54:28 | 000,004,754 | RH-- | M] () -- C:\dell.sdr
    [2010/10/10 23:42:12 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/25 16:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/04/25 16:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/10 23:42:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/25 16:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 04:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/25 04:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/25 04:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/04/25 16:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/26 16:02:02 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Mark Farrar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/25 16:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/10 13:34:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\2r9vlypg.exe
    [2010/10/10 21:10:47 | 003,876,864 | R--- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\ComboFix.exe
    [2009/08/21 10:14:40 | 002,561,080 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\FLVPlayerSetup.exe
    [2009/12/21 08:15:46 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mark Farrar\Desktop\IE7-WindowsXP-x86-enu.exe
    [2009/10/18 08:15:14 | 001,359,360 | ---- | M] (Irfan Skiljan) -- C:\Documents and Settings\Mark Farrar\Desktop\iview425_setup.exe
    [2010/10/10 13:23:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark Farrar\Desktop\mbam-setup-1.46.exe
    [2010/10/10 17:08:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\MBRCheck.exe
    [2010/10/11 08:42:03 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Farrar\Desktop\OTL.exe
    [2010/01/31 15:46:49 | 017,776,464 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Mark Farrar\Desktop\PDFCreator-0_9_9_setup.exe
    [2009/07/27 04:38:49 | 000,338,624 | ---- | M] (NCH Software) -- C:\Documents and Settings\Mark Farrar\Desktop\switchsetup.exe
    [2009/12/19 13:25:24 | 003,096,366 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Desktop\YouTubeDownloaderSetup253b.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/12/09 22:21:00 | 002,556,048 | ---- | M] (www.orbitdownloader.com ) -- C:\Documents and Settings\Mark Farrar\My Documents\OrbitDownloaderSetup.exe
    [2009/12/13 12:32:28 | 005,362,640 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\SetupAnyDVD6607.exe
    [2010/06/17 21:51:38 | 006,399,024 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\My Documents\SetupAnyDVD6660.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/26 16:02:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mark Farrar\Favorites\Desktop.ini
    [2010/02/27 12:03:04 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Mark Farrar\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/11 08:40:24 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Mark Farrar\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 07:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 06:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 06:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 06:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 12:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 06:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 06:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 06:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 06:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 06:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

    < End of report >
     
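The two OTL posts above (Files/Folders Created and Modified, the LOP check, the Custom Scans and the Alternate Data Streams section) are read by eye on this forum, so here is an added example of how a practitioner can parse those lines and triage them. This is not code from the thread, from OTL or from the helper here; the line format is inferred from the entries posted above, and the sample input is a handful of lines copied from those posts. Everything else is this example's own assumption: the set of extensions treated as executable, the short allowlist of hidden/system files that are normal on an XP system drive, the reason strings, and the three rules (new executable under %SystemRoot% since a reference time, executable with no company name, hidden+system file outside the allowlist). OTL prints the company string from the file's version information, so it can be empty on legitimate tools (ComboFix.exe, MBRCheck.exe and the renamed 2r9vlypg.exe in the log all show none) and spoofed by malware, which is why that rule is labelled a weak signal.

```python
"""Triage helper for OTL file-listing lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# "[date time | size | RHSD | C-or-M] (Company) -- path"; the "(Company) " part is
# absent for directories and printed as "() " when the file has no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

# Assumptions: extensions treated as executable content, and a short allowlist of
# hidden/system files that are normal on an XP system drive (skipped entirely).
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".cpl", ".ax", ".acm", ".ocx", ".drv"}
KNOWN_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys", "boot.ini", "boot.bak", "ntuser.ini",
                      "ntldr", "ntdetect.com", "bootmgr", "cmldr", "io.sys", "msdos.sys", "desktop.ini"}

R_NEW_SYS = "executable created under the system root since the reference time"
R_NO_COMPANY = "executable with no company name (weak signal, version info only)"
R_HIDDEN_SYS = "hidden+system file outside the usual set"
R_ADS = "alternate data stream"


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str               # four flags in OTL order R H S D, '-' when unset
    kind: str                # 'C' created / 'M' modified, i.e. which section it came from
    company: Optional[str]   # None when OTL printed no parentheses, '' for "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        dot = self.name.rfind(".")
        return self.name[dot:].lower() if dot >= 0 else ""

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder line; returns None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m["company"].strip() if m["company"] is not None else None
    return Entry(when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 size=int(m["size"].replace(",", "")), attrs=m["attr"],
                 kind=m["kind"], company=company, path=m["path"])


def parse_ads(line: str) -> Optional[Tuple[str, int]]:
    """Parse an '@Alternate Data Stream' line into (path:stream, size)."""
    m = ADS_RE.match(line.strip())
    return (m["path"], int(m["size"])) if m else None


def triage(text: str, since: datetime, system_root: str = "C:\\WINDOWS") -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every line that trips at least one rule."""
    findings: Dict[str, List[str]] = {}
    root = system_root.lower().rstrip("\\") + "\\"
    for line in text.splitlines():
        ads = parse_ads(line)
        if ads:
            findings.setdefault(ads[0], []).append(R_ADS)
            continue
        e = parse_entry(line)
        if e is None or e.is_dir or e.name.lower() in KNOWN_SYSTEM_FILES:
            continue
        reasons = []
        if e.ext in EXEC_EXT and e.kind == "C" and e.when >= since and e.path.lower().startswith(root):
            reasons.append(R_NEW_SYS)
        if e.ext in EXEC_EXT and not e.company:
            reasons.append(R_NO_COMPANY)
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append(R_HIDDEN_SYS)
        bucket = findings.setdefault(e.path, [])
        for r in reasons:             # the same file appears in both Created and Modified
            if r not in bucket:
                bucket.append(r)
        if not bucket:
            del findings[e.path]
    return findings


# Sample input: lines copied from the OTL log posted above in this thread.
SAMPLE = r"""
[2010/10/10 21:13:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/10 21:13:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/10 21:32:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/10 13:34:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mark Farrar\Desktop\2r9vlypg.exe
[2010/10/10 23:42:12 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 18:30:51 | 000,000,131 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
"""


def triage_sample() -> Dict[str, List[str]]:
    """Run the rules over SAMPLE with the incident day as the reference time."""
    return triage(SAMPLE, since=datetime(2010, 10, 10))


if __name__ == "__main__":
    for path, reasons in sorted(triage_sample().items()):
        print(path + "\n    " + "; ".join(reasons))
```

What the script flags still has to be correlated against the rest of the same log by a human, and the posted log shows why: C:\WINDOWS\PEV.exe and the SteelWerX/NirSoft tools trip the system-root rule, but they were created at 21:13:21, seconds after C:\ComboFix (21:12:55) and C:\Qoobox, so they belong to the ComboFix run, not to whatever the fake scanner dropped. The hidden+system .zreglib carries the same 2009/09/26 19:25:38 timestamp as the SlySoft folder in the LOP check, and the TEMP folder carrying the C31F31E6 stream was created at 08:11:56 in the middle of the PC Tools Firewall Plus driver installs. A rule only narrows the list; the timestamps decide.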
  13. 2010/10/11 markemark (Thread Starter)
    And finally Extras.txt

    OTL Extras logfile created on: 10/11/2010 8:44:30 AM - Run 1
    OTL by OldTimer - Version 3.2.15.0 Folder = C:\Documents and Settings\Mark Farrar\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.72 Gb Total Space | 407.96 Gb Free Space | 87.60% Space Free | Partition Type: NTFS

    Computer Name: MARKSCOMP | User Name: Mark Farrar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0B34A675-6029-AC00-90EF-74D28B842882}" = CCC Help Chinese Standard
    "{0B50356E-ED2C-E8B8-1DCF-370D92048416}" = CCC Help Korean
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E5C9A93-F910-B2D4-A2C2-3BD9DA952A4C}" = Skins
    "{140BF940-2769-50D6-0D54-0AC1BDE01BA4}" = CCC Help Japanese
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3106DC33-E869-8341-4730-E4FF289BCCF9}" = CCC Help Turkish
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{453173DB-9744-2A1E-6BCB-3DD55773D506}" = Catalyst Control Center Graphics Previews Common
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6509DE4F-DCCF-578B-40A8-101348F6A65D}" = CCC Help Portuguese
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6C5415FA-D8D1-6F19-435A-705417AB72E4}" = CCC Help Italian
    "{6FD60C58-7319-044A-0072-6D8EAA0A1926}" = Catalyst Control Center Graphics Full New
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7374D6DD-3D36-6D3E-5EE1-789E2813DC27}" = ccc-core-static
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8300B23B-CEFA-E2C4-D771-DFBE3EB607B3}" = Catalyst Control Center Localization All
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C56376D-9057-B9E4-44CE-9C4EB39DAA66}" = Catalyst Control Center Graphics Light
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9CC26B88-6560-56DA-0FB2-5CD93A616739}" = CCC Help Spanish
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{ACB4C3FB-2682-11B5-32CA-10A29A73A1B2}" = Catalyst Control Center Graphics Full Existing
    "{AE60F600-FD60-40C4-A990-72F9BFEE475C}" = Dell Backup and Recovery Manager
    "{AF8A834A-6EAE-46E2-754D-38F13CF47977}" = CCC Help French
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BBC7164B-A04A-A4D6-48E2-02819DF6CA01}" = ccc-core-preinstall
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5A7668E-2AF7-69E1-45FD-F59A230629E0}" = ccc-utility
    "{C773BF86-547F-06FA-ED45-DF284236E8A5}" = CCC Help Chinese Traditional
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D998C238-6EFB-7CC3-6E14-940CE7E06762}" = CCC Help Hungarian
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E6511D1C-B58C-DA1F-DC9B-D09E95C0C071}" = CCC Help German
    "{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
    "{EE914C1D-B4FC-BBCA-1BB0-142E36615043}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FC3E1F14-ACCE-3030-18A3-10B778F535B7}" = Catalyst Control Center Core Implementation
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "AnyDVD" = AnyDVD
    "Applian FLV Player2.0.24" = Applian FLV Player
    "ATI Display Driver" = ATI Display Driver
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CloneDVD2" = CloneDVD2
    "CloneDVDmobile" = CloneDVDmobile
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "IrfanView" = IrfanView (remove only)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
    "SIM editor" = SIM editor 4.0
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Switch" = Switch Sound File Converter
    "WavePad" = WavePad Sound Editor
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/5/2009 6:56:17 PM | Computer Name = MARKSCOMP | Source = avast! | ID = 33554522
    Description =

    Error - 11/5/2009 11:54:28 PM | Computer Name = MARKSCOMP | Source = avast! | ID = 33554522
    Description =

    Error - 11/6/2009 3:46:26 PM | Computer Name = MARKSCOMP | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 12:23:47 AM | Computer Name = MARKSCOMP | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 12:23:59 AM | Computer Name = MARKSCOMP | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 10/10/2010 9:53:27 PM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/10/2010 9:53:27 PM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 12:42:31 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 12:42:31 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 12:42:31 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 12:42:31 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 9:37:22 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 9:37:22 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 9:37:22 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/11/2010 9:37:22 AM | Computer Name = MARKSCOMP | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 10/10/2010 6:06:13 PM | Computer Name = MARKSCOMP | Source = Service Control Manager | ID = 7000
    Description = The Diag69xp service failed to start due to the following error: %%5

    Error - 10/10/2010 6:06:35 PM | Computer Name = MARKSCOMP | Source = Service Control Manager | ID = 7000
    Description = The Diag69xp service failed to start due to the following error: %%5

    Error - 10/10/2010 6:06:48 PM | Computer Name = MARKSCOMP | Source = Service Control Manager | ID = 7000
    Description = The Diag69xp service failed to start due to the following error: %%5

    Error - 10/10/2010 9:53:27 PM | Computer Name = MARKSCOMP | Source = PSched | ID = 14103
    Description = QoS [Adapter {DB4DE2A9-80F8-4B99-89FE-27394E249342}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 10/10/2010 10:18:11 PM | Computer Name = MARKSCOMP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 10/11/2010 12:42:21 AM | Computer Name = MARKSCOMP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.254.101 for the Network Card with network
    address 0022758E7265 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 10/11/2010 12:43:21 AM | Computer Name = MARKSCOMP | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 10/11/2010 12:43:38 AM | Computer Name = MARKSCOMP | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 0022758E7265 has been denied by the DHCP server 192.168.254.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 10/11/2010 9:37:22 AM | Computer Name = MARKSCOMP | Source = PSched | ID = 14103
    Description = QoS [Adapter {DB4DE2A9-80F8-4B99-89FE-27394E249342}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 10/11/2010 9:38:18 AM | Computer Name = MARKSCOMP | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    MYCOMPUTER that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{DB4DE2A9-80F8-4B9. The master browser is stopping or an election is
    being forced.


    < End of report >
     
  14. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
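The OTL extras log in post 13 and the :OTL fix script above are read by eye for two kinds of finding: shell-spawning commands that differ from the Windows XP defaults, and registry entries whose target key or file no longer exists (the URLSearchHook line marked "Reg Error: Key error. File not found" and the BHO line marked "No CLSID value found" are exactly the ones that went into the fix script). The Python script below is an added example written for this thread; it is not OTL's code and not anything the posters ran. It automates those two checks, plus a look at the firewall and System Restore values, over a handful of lines copied from the posted log and one constructed tampered line. The default table, the registry paths and the orphan phrases are assumptions about OTL's output format taken from this thread's log, and anything it flags is a review candidate for the analyst, not a verdict.

```python
"""Triage helper for OTL "Extra Registry" log lines and :OTL fix-script candidates.

Added example for this thread (not OTL code, not the posters' script). Sample
input is copied from the log posted in the thread plus one constructed line.
"""
import re

# XP defaults for the shell-spawning classes that launch programs directly.
# Taken from the thread's own log, where all of them are still at default.
EXPECTED_SHELL = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
    "scrfile [open]": '"%1" /S',
}

# Phrases OTL prints when an entry points at a key or file that is gone
# (assumption based on the lines seen in this thread).
ORPHAN_MARKERS = ("Reg Error: Key error", "No CLSID value found", "File not found")

_SHELL_RE = re.compile(r"^(\w+ \[[\w.]+\]) -- (.*)$")
_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Lines copied from the OTL log posted above (constructed subset, same format).
SAMPLE_LOG = r"""
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
"""

# Constructed line (NOT from the thread) showing what a tampered exefile entry looks like:
# every .exe launch would be routed through the named wrapper first.
CONSTRUCTED_TAMPERED_LINE = r'exefile [open] -- "C:\CONSTRUCTED\wrapper.exe" "%1" %*'


def check_shell_spawning(lines):
    """Return (class, command) pairs whose command differs from the XP default."""
    findings = []
    for raw in lines:
        m = _SHELL_RE.match(raw.strip())
        if not m:
            continue
        cls, cmd = m.group(1), m.group(2).strip()
        if cls in EXPECTED_SHELL and cmd != EXPECTED_SHELL[cls]:
            findings.append((cls, cmd))
    return findings


def find_orphaned_entries(lines):
    """Lines whose registry target or file is missing: candidates for an :OTL fix section."""
    return [raw.strip() for raw in lines if any(mk in raw for mk in ORPHAN_MARKERS)]


def parse_reg_settings(lines):
    """Map each [HKEY_...] header to its "name" = value pairs, as OTL prints them."""
    settings, current = {}, None
    for raw in lines:
        line = raw.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1)
            settings.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            settings[current][vm.group(1)] = vm.group(2).strip()
    return settings


def security_posture(lines):
    """Notes on Windows Firewall and System Restore state, read from the parsed values."""
    s = parse_reg_settings(lines)
    notes = []
    fw_base = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
    for profile in ("DomainProfile", "StandardProfile"):
        if s.get(fw_base + "\\" + profile, {}).get("EnableFirewall") == "0":
            notes.append(f"Windows Firewall disabled ({profile}); confirm a third-party firewall is active")
    sr_key = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
    if s.get(sr_key, {}).get("DisableSR") == "1":
        notes.append("System Restore disabled by policy")
    return notes


def triage(text):
    """Run all three checks over the text of an OTL log and return them by section."""
    lines = text.splitlines()
    return {
        "shell_deviations": check_shell_spawning(lines),
        "orphaned_entries": find_orphaned_entries(lines),
        "posture": security_posture(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG + CONSTRUCTED_TAMPERED_LINE + "\n").items():
        print(section)
        for item in items:
            print("   ", item)
```

On the thread's own log the shell-spawning check comes back clean, the orphan check returns the regfile/txtfile "Key error" lines plus the two entries broni put in the fix script, and the posture check reports only that the built-in firewall is off, which matches the later Security Check output and is expected with PC Tools Firewall Plus installed.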
     
  15. 2010/10/11
    markemark

    markemark Inactive Thread Starter

    I work nights so my next posts will not be so timely.

    Here is the OTL Log, the other logs will follow.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 321 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Mark Farrar
    ->Temp folder emptied: 10763194 bytes
    ->Temporary Internet Files folder emptied: 72844285 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 8742 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 48125370 bytes

    Total Files Cleaned = 126.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mark Farrar
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.0 log created on 10112010_204518

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\YZMY8RO9\PortalServe[1].htm moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\M64UI7YK\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\M64UI7YK\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\HL16XW43\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\HL16XW43\ads[7].htm moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\HL16XW43\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\HL16XW43\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\Content.IE5\9ERN7WPC\95633-active-possible-virus-problem[1].htm moved successfully.
    C:\Documents and Settings\Mark Farrar\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  16. 2010/10/11
    markemark

    markemark Inactive Thread Starter

    Here is the Security Check Log

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    PC Tools Firewall Plus 6.0
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    PC Tools Firewall Plus FWService.exe
    PC Tools Firewall Plus FirewallGUI.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  17. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [image]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button
     
  18. 2010/10/13
    markemark

    markemark Inactive Thread Starter

    Joined:
    2010/10/10
    Messages:
    16
    Likes Received:
    0
    Just want to let you know, I work nights. I will do the last scan you requested this weekend, including Adobe Reader update.
     
  19. 2010/10/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  20. 2010/10/15
    markemark

    markemark Inactive Thread Starter

    Joined:
    2010/10/10
    Messages:
    16
    Likes Received:
    0
    Here is the result of the online scan

    C:\Documents and Settings\Mark Farrar\My Documents\Incomplete\T-39456-Angie Martinez - If I Could Go.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Documents and Settings\Mark Farrar\My Documents\My Videos\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AJ application
    C:\Program Files\pdfforge Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application
    C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll Win32/Adware.Toolbar.Dealio application
    C:\Program Files\pdfforge Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP346\A0110762.exe Win32/Adware.SpywareProtect2009 application
    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP347\A0110884.exe Win32/PSW.Delf.NQS trojan
    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP350\A0118755.dll Win32/Adware.Toolbar.Dealio application


    And Adobe Reader has been updated
     
  21. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Mark Farrar\My Documents\Incomplete\T-39456-Angie Martinez - If I Could Go.mp3 
      C:\Documents and Settings\Mark Farrar\My Documents\My Videos\SetupGamevance.exe 
      C:\Program Files\pdfforge Toolbar
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
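Added example, not part of this thread and not code from OTL, the online scanner or any helper here: a small Python triage of scanner output in the shape posted above (one detection per line: path, threat name, class). It sorts detections by where they live, which is what decides the cleanup step: files under System Volume Information are old restore points (cleared by the second OTL script), files under Qoobox\Quarantine were already neutralised by an earlier tool, and anything else is still live and needs its own :Files entry. It also flags whether a trojan was seen, since that is the trigger for the password-change advice in step 4. The sample lines, the user name, the restore-point GUID placeholder and the line regex are constructed assumptions; the OTL script it emits only mirrors the shape of the scripts quoted above.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the online scanner output posted in
# the thread (<path> <threat name> <class>). User name and file names are
# placeholders; the restore-point GUID is replaced with a placeholder.
SAMPLE_SCAN = """\
C:\\Documents and Settings\\User\\My Documents\\Incomplete\\Some Song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\\Documents and Settings\\User\\My Documents\\My Videos\\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AJ application
C:\\Program Files\\pdfforge Toolbar\\SearchSettings.exe Win32/Adware.Toolbar.Dealio application
C:\\Program Files\\pdfforge Toolbar\\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application
C:\\Qoobox\\Quarantine\\C\\Program Files\\pdfforge Toolbar\\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP347\\A0110884.exe Win32/PSW.Delf.NQS trojan
"""

# Assumed line format: the threat name is the first token containing a '/'
# (e.g. Win32/..., WMA/...), optionally prefixed by "a variant of", and the
# class is the last word. Paths may contain spaces, so the path is matched
# non-greedily up to that threat token.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of\s+)?\S+/\S+)\s+(?P<cls>\w+)\s*$"
)


def parse_detections(text):
    """Parse scanner lines into dicts; lines that do not match are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def locate(path):
    """Classify where a detection lives, which decides how it gets cleaned."""
    p = path.lower()
    if p.startswith("c:\\system volume information\\_restore"):
        return "restore_point"  # removed by clearing all restore points
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"  # already neutralised by an earlier tool
    return "live"  # still on disk, needs an explicit :Files entry


def triage(text):
    """Group detections by location and note whether any trojan was seen."""
    groups = defaultdict(list)
    trojan_seen = False
    for d in parse_detections(text):
        groups[locate(d["path"])].append(d["path"])
        if d["cls"].lower() == "trojan":
            trojan_seen = True
    return {"groups": dict(groups), "change_passwords": trojan_seen}


def build_otl_script(result):
    """Emit a fix in the shape of the OTL scripts quoted in the thread
    (assumed syntax): live paths under :Files, restore points cleared
    only when a detection was found inside one."""
    lines = [":OTL", "", ":Files"]
    lines += result["groups"].get("live", [])
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[emptyflash]"]
    if result["groups"].get("restore_point"):
        lines.append("[CLEARALLRESTOREPOINTS]")
    lines.append("[Reboot]")
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_SCAN)
    for where, paths in result["groups"].items():
        print(f"{where}: {len(paths)} item(s)")
    print("change passwords:", result["change_passwords"])
    print(build_otl_script(result))
```

Running it on the constructed sample reports four live files, one quarantined item and one restore-point hit, sets the password-change flag because of the trojan classes, and emits a script that lists only the four live paths and includes [CLEARALLRESTOREPOINTS].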
     
