
Inactive Possible undetected infection

Discussion in 'Malware and Virus Removal Archive' started by TJGarner, 2010/11/12.

    TJGarner Well-Known Member Thread Starter


    My niece moved back to town and said "My computer doesn't work any more." When asked what is wrong with it, she said that the on button didn't work. Actually, I think the problem was the user and not the computer, but that is not why I am posting this.

    When I got the computer it sounded awful. I cleaned it up, updated the OS and virus definitions, and followed the steps at the beginning of this forum. I would like someone a little more qualified to look at this PC and confirm that it is clean.

    The particulars: I ran a Full Virus Scan with AVG 2011 free version. Not sure how many viruses were detected, sorry.


    I ran Malwarebytes and here is the log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5093

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/11/2010 7:06:41 AM
    mbam-log-2010-11-11 (07-06-41).txt

    Scan type: Quick scan
    Objects scanned: 213901
    Time elapsed: 1 hour(s), 7 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 24
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\sysdivx.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\voipwet.btgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\voipwet.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{609f107d-88ee-4d19-b56f-6c21a3e9dc1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{60c84877-62d8-4996-88e5-baf3d115f09f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6aea32a1-63d2-4de6-a1f8-c2132972c15f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9924dc07-f8d2-4a19-a396-9871b55612d7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7a23a1e8-b2ab-4c50-ad12-9e19b747e17c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d4170a6e-8ce3-444b-aca4-b3a0af12c55c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{212b4e0f-bea8-4894-800d-2c7e2ef097ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3dd88b10-20e4-4085-bb2c-5a58b49910a9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f94e2b67-3d7a-4f94-af35-5bbedaad3ac4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ef40ac5-1bbe-4436-a9e3-f129c0d605d8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a23a1e8-b2ab-4c50-ad12-9e19b747e17c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\sysdivx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecurePCCleaner (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\SecurePCCleaner (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\SecurePCCleaner\Logs (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mitzi\Application Data\SecurePCCleaner (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mitzi\Application Data\SecurePCCleaner\Logs (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\Ultimate Cleaner\backup (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\Ultimate Cleaner\logs (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\SecurePCCleaner\Abbr (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SecurePCCleaner\ProdCode (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\SecurePCCleaner\Logs\update.log (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mitzi\Application Data\SecurePCCleaner\Logs\update.log (Rogue.PCCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\Ultimate Cleaner\settings.dat (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Britainy\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Britainy\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Britainy\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Britainy\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Britainy\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Start UltimateCleaner 2007.lnk (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.

    I ran GMER:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-12 19:13:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST325082 rev.3.AD
    Running: u1fvpeif[1].exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\fxddapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xED75F6C0]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF119C620]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xED75F810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xED75F8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? nsrs.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5AC8360, 0x307AC7, 0xE8000020]
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF780D760]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3000] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[2124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Threads - GMER 1.0.15 ----

    Thread iexplore.exe [2124:2432] 6C806D60
    Thread iexplore.exe [2124:276] 6C806D60
    Thread iexplore.exe [2124:4004] 6C806D60

    ---- EOF - GMER 1.0.15 ----

    I ran MBRCheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 149):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7992000 \WINDOWS\system32\KDCOM.DLL
    0xF78A2000 \WINDOWS\system32\BOOTVID.dll
    0xF7492000 nsrs.sys
    0xF7363000 ACPI.sys
    0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7352000 pci.sys
    0xF74A2000 isapnp.sys
    0xF7A5A000 pciide.sys
    0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B2000 MountMgr.sys
    0xF7333000 ftdisk.sys
    0xF7998000 dmload.sys
    0xF730D000 dmio.sys
    0xF771A000 PartMgr.sys
    0xF74C2000 VolSnap.sys
    0xF7256000 iaStor.sys
    0xF723E000 atapi.sys
    0xF7722000 cercsr6.sys
    0xF7226000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF74D2000 disk.sys
    0xF74E2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7206000 fltmgr.sys
    0xF71F4000 sr.sys
    0xF71DE000 DRVMCDB.SYS
    0xF74F2000 PxHelp20.sys
    0xF71C7000 KSecDD.sys
    0xF713A000 Ntfs.sys
    0xF710D000 NDIS.sys
    0xF70F3000 Mup.sys
    0xF772A000 avgrkx86.sys
    0xF7502000 AVGIDSEH.Sys
    0xF7076000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF7652000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5AC8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF5AB4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5A96000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF77FA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5A72000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7802000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7672000 \SystemRoot\system32\DRIVERS\IntelC53.sys
    0xF5A4F000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5928000 \SystemRoot\system32\DRIVERS\IntelC51.sys
    0xF5893000 \SystemRoot\system32\DRIVERS\IntelC52.sys
    0xF780A000 \SystemRoot\system32\DRIVERS\mohfilt.sys
    0xF7812000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF57C5000 \SystemRoot\system32\drivers\P17.sys
    0xF57A1000 \SystemRoot\system32\drivers\portcls.sys
    0xF7682000 \SystemRoot\system32\drivers\drmk.sys
    0xF5775000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
    0xF5755000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
    0xF5741000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7692000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7956000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF781A000 \SystemRoot\system32\drivers\Afc.sys
    0xF79DE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF76A2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF65EA000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7822000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF65DA000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B47000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF65CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7962000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF572A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF65BA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF65AA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF782A000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5719000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF659A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7832000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF783A000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF56E9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF658A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7842000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF784A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79E0000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF568B000 \SystemRoot\system32\DRIVERS\update.sys
    0xF797A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF657A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7662000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF5683000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF2A04000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0xF7A12000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A72000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A14000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF227A000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF2272000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF226A000 \SystemRoot\System32\drivers\vga.sys
    0xF7A16000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A18000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF2262000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF225A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF566B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF152A000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF14D1000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF1471000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xF144B000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF1403000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0xF2222000 \SystemRoot\system32\drivers\ip6fw.sys
    0xF11D6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF11B4000 \SystemRoot\System32\drivers\afd.sys
    0xF2202000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF1192000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0xF2252000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF1167000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF10F7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF21F2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF0CA5000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0xF20D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF2104000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF2192000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF15D1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF18EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEC780000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEBCAF000 \SystemRoot\System32\Drivers\dump_iastor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7096000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7882000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AE4000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF7522000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7AB3000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xBA589000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xED145000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7A36000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF77A2000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xBA571000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xBA55B000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xEB007000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBA48E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79D0000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF79D4000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xED75D000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xBA3FD000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA355000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA3C9000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    0xF21C2000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xED052000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xBA265000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xB9DF0000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF2A44000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB89AD000 \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\fxddapow.sys
    0xB9FD9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB8982000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    752 C:\WINDOWS\system32\smss.exe
    784 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    956 csrss.exe
    988 C:\WINDOWS\system32\winlogon.exe
    1040 C:\WINDOWS\system32\services.exe
    1052 C:\WINDOWS\system32\lsass.exe
    1256 C:\WINDOWS\system32\svchost.exe
    1324 svchost.exe
    1420 C:\WINDOWS\system32\svchost.exe
    1504 svchost.exe
    1620 svchost.exe
    1752 C:\WINDOWS\system32\spoolsv.exe
    1920 svchost.exe
    1956 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1976 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1996 C:\Program Files\Bonjour\mDNSResponder.exe
    2020 C:\WINDOWS\system32\CTSVCCDA.EXE
    488 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    516 C:\WINDOWS\system32\nvsvc32.exe
    556 C:\WINDOWS\system32\PnkBstrA.exe
    604 C:\WINDOWS\system32\svchost.exe
    964 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    1308 C:\WINDOWS\system32\MsPMSPSv.exe
    1376 C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
    1532 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    1700 C:\Program Files\AVG\AVG10\avgnsx.exe
    1840 C:\Program Files\AVG\AVG10\avgemcx.exe
    2220 C:\Program Files\Canon\CAL\CALMAIN.exe
    2928 alg.exe
    644 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    692 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    2636 C:\WINDOWS\explorer.exe
    3496 C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    2452 C:\WINDOWS\system32\rundll32.exe
    656 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3540 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    2324 C:\WINDOWS\system32\svchost.exe
    636 C:\Program Files\Real\RealPlayer\realplay.exe
    3932 C:\WINDOWS\system32\rundll32.exe
    2564 C:\Program Files\iTunes\iTunesHelper.exe
    524 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    668 C:\Program Files\AVG\AVG10\avgtray.exe
    2284 C:\WINDOWS\system32\ctfmon.exe
    2180 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2392 C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    1560 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3132 C:\Program Files\iPod\bin\iPodService.exe
    3512 C:\Program Files\Internet Explorer\iexplore.exe
    3000 C:\Program Files\Internet Explorer\iexplore.exe
    3972 C:\Documents and Settings\Tony\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.ADH

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    DDS Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/10/2007 4:52:48 PM
    System Uptime: 11/11/2010 7:07:31 AM (36 hours ago)

    Motherboard: Dell Inc. | | 0U7077
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 162.451 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Service:

    ==== System Restore Points ===================

    RP959: 11/8/2010 4:20:14 PM - System Checkpoint
    RP960: 11/8/2010 7:19:24 PM - Removed Battlefield 2: Deluxe Edition
    RP961: 11/8/2010 7:23:07 PM - Removed J2SE Runtime Environment 5.0 Update 10
    RP962: 11/8/2010 7:23:37 PM - Removed J2SE Runtime Environment 5.0 Update 8
    RP963: 11/8/2010 7:24:07 PM - Removed J2SE Runtime Environment 5.0 Update 11
    RP964: 11/8/2010 7:24:37 PM - Removed Java(TM) 6 Update 2
    RP965: 11/8/2010 7:26:57 PM - Removed RollerCoaster Tycoon 3
    RP966: 11/8/2010 7:35:03 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP967: 11/8/2010 7:35:11 PM - Installed AVG 2011
    RP968: 11/8/2010 7:35:32 PM - Installed AVG 2011
    RP969: 11/8/2010 7:55:07 PM - Software Distribution Service 3.0
    RP970: 11/8/2010 7:58:14 PM - Removed Steam
    RP971: 11/8/2010 10:11:49 PM - Software Distribution Service 3.0
    RP972: 11/8/2010 10:59:57 PM - Software Distribution Service 3.0
    RP973: 11/9/2010 3:01:36 AM - Software Distribution Service 3.0
    RP974: 11/10/2010 3:00:32 AM - Software Distribution Service 3.0
    RP975: 11/10/2010 5:17:32 PM - Software Distribution Service 3.0
    RP976: 11/10/2010 5:24:30 PM - Removed Sonic Update Manager
    RP977: 11/11/2010 6:11:59 PM - System Checkpoint
    RP978: 11/12/2010 7:11:54 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe® Photoshop® Album Starter Edition 3.0
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AVG 2011
    BuddyList Ops 1.0.0.1
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Cincinnati Bengals ScreenServer
    Compatibility Pack for the 2007 Office system
    Creative MediaSource
    Dell Resource CD
    Disc2Phone
    DivX Content Uploader
    DivX Web Player
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) 537EP V9x DF PCI Modem
    iTunes
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Move Networks Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PC VGA Camer@ Plus
    PC VGA Camera
    PDF Settings
    Peggle Extreme
    Picture Package Music Transfer
    Portal
    PowerDVD 5.5
    Print to Fax
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sony Picture Utility
    Sony USB Driver
    Sound Blaster Live! 24-bit
    SpeechRedist
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqupgrd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtrig.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqtgsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsvc.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqsnap.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrtdep.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqrt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqqm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqoa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqise.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqdscli.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqbkup.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:57:50 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file mqad.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.0.1111, the version of the system file is 5.1.0.1110.
    11/9/2010 12:43:15 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office Access 2003 (KB981716).
    11/8/2010 7:05:19 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/8/2010 10:27:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
    11/8/2010 10:27:13 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/11/2010 7:08:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    11/10/2010 11:37:40 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:37 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:37 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:37 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:37 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:37 PM, error: Service Control Manager [7031] - The WSWNDA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/10/2010 11:37:36 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:36 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 11:37:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  2. 2010/11/12
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    and...

    DDS - DDS log

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Tony at 19:15:11.35 on Fri 11/12/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -5:00]

    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tony\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-23 24652]
    R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2010-2-24 278528]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2010-2-24 632576]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-2-24 34064]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
    S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]

    =============== Created Last 30 ================

    2010-11-11 05:01:08 -------- d-----w- c:\docume~1\tony\applic~1\Malwarebytes
    2010-11-11 05:01:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-11 05:00:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-11 05:00:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-11 05:00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-10 22:54:59 -------- d--h--w- C:\$AVG
    2010-11-10 22:18:34 -------- d-sh--w- c:\documents and settings\tony\IECompatCache
    2010-11-10 22:18:02 -------- d-sh--w- c:\documents and settings\tony\PrivacIE
    2010-11-10 22:16:29 -------- d-sh--w- c:\documents and settings\tony\IETldCache
    2010-11-09 05:34:44 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-11-09 05:32:34 -------- d-----w- c:\windows\ie8updates
    2010-11-09 05:30:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-11-09 05:30:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-11-09 05:30:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-11-09 05:27:01 -------- dc-h--w- c:\windows\ie8
    2010-11-09 05:09:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-09 05:09:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-09 05:06:45 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-09 05:03:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-11-09 04:04:28 -------- d-----w- c:\program files\common files\ODBC
    2010-11-09 03:39:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-09 03:26:19 -------- d-----w- c:\docume~1\tony\locals~1\applic~1\Sunbelt Software
    2010-11-09 03:23:33 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-09 03:11:56 -------- d-----w- C:\f5953dc378818f07c800a09ddcb0
    2010-11-09 01:17:38 -------- d-----w- c:\windows\system32\scripting
    2010-11-09 01:17:30 -------- d-----w- c:\windows\l2schemas
    2010-11-09 01:17:27 -------- d-----w- c:\windows\system32\en
    2010-11-09 01:17:25 -------- d-----w- c:\windows\system32\bits
    2010-11-09 00:38:20 -------- d-----w- c:\docume~1\tony\applic~1\AVG10
    2010-11-09 00:37:06 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-11-09 00:35:43 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-11-09 00:35:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-11-09 00:35:11 -------- d-----w- c:\program files\AVG
    2010-11-09 00:31:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-11-09 00:12:12 -------- d-----w- c:\docume~1\tony\locals~1\applic~1\Google
    2010-11-09 00:11:30 -------- d-----w- c:\docume~1\tony\locals~1\applic~1\Apple Computer
    2010-11-08 23:52:47 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-11-08 23:52:45 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    ==================== Find3M ====================

    2010-11-09 01:01:22 1018 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 19:16:17.90 ===============
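A small triage helper for logs in the DDS format posted above, added here as an example; it is not part of the original thread and not part of the DDS tool. It splits a pasted log into its "==== Section ====" blocks, parses the Pseudo HJT and SERVICES / DRIVERS entries, and flags three things a reviewer otherwise checks by eye: registry entries whose target is "No File", drivers whose file DDS could not read (the "[?]" in place of date and size), and autostart launchers that name a bare file and therefore depend on the search path. The sample input is a constructed excerpt built from entries like the ones in the log above, the rule names are this example's own, and the reading of "[?]" as "file date/size unreadable" is an assumption.

```python
"""Triage helper for DDS-style logs (added example, not DDS code)."""
import re

# Constructed excerpt in DDS log format, modelled on entries from the
# thread above; it is the offline sample input for the functions below.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

============= SERVICES / DRIVERS ===============

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-23 24652]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]

=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "R2 name;display name;path [date size]"  or  "S3 name;display;path [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s+\[(.*)\]$")
# "mRun: [Name] command line"  (u = user hive, m = machine hive, d = default)
RUN_RE = re.compile(r"^([umd]Run):\s+\[(.*?)\]\s+(.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|scr|com|dll|bat|cmd))(?:\s|$)", re.I)


def split_sections(text: str) -> dict:
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def launcher_of(command: str) -> str:
    """Return the file an autostart command line actually loads.

    A quoted first token wins; for rundll32 the interesting file is the
    DLL argument (up to the comma before the export name); otherwise the
    first path-like token ending in a known executable extension.
    """
    command = command.strip()
    m = re.match(r'^"([^"]+)"', command)
    if m:
        return m.group(1)
    tokens = command.split(None, 1)
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip()
    m = EXE_RE.match(command)
    return m.group(1) if m else tokens[0]


def triage(text: str) -> list:
    """Return (rule, entry, note) tuples for the three checks above."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        if re.search(r"-\s*No File$", line):
            findings.append(("no-file", line,
                             "target is gone; usually a leftover of removed software"))
            continue
        m = RUN_RE.match(line)
        if m and "\\" not in launcher_of(m.group(3)):
            findings.append(("bare-name", line,
                             "no directory given; which copy loads depends on the search path"))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(5).strip() == "?":
            findings.append(("missing-driver-file", line,
                             "DDS could not read the file's date/size; check whether it exists"))
    return findings


if __name__ == "__main__":
    for rule, entry, note in triage(SAMPLE_DDS):
        print(f"[{rule}] {entry}\n    {note}")
```

Run it as a script to see the three findings for the sample, or replace SAMPLE_DDS with the contents of a real DDS.txt. A flagged entry is a prompt to look closer (is the file present, who signed it, what installed it), not a verdict; the orphaned toolbar CLSID and the driver with an unreadable file are exactly the lines a reviewer asks about first.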
     

  4. 2010/11/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/11/14
    TJGarner

    TJGarner Well-Known Member Thread Starter

    Joined:
    2008/10/12
    Messages:
    72
    Likes Received:
    0
    Ok, I removed the Viewpoint stuff. I also had a small problem running ComboFix. I removed AVG Free 2011 because ComboFix wouldn't run with it installed even if it was disabled, but that wasn't the problem. The first time I ran ComboFix it rebooted the PC, and when I logged back in to my user a small ComboFix screen popped up - then I immediately got a BSOD. I had to hard boot the PC and rerun ComboFix; on the first attempt it locked up and I had to reboot using the normal process. After that I was able to run it and get the log. I am not sure whether any of what happened is reflected in the logs, but I wanted to let you know what happened.

    Here is the ComboFix log:
    ComboFix 10-11-14.01 - Tony 11/14/2010 18:12:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.683 [GMT -5:00]
    Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Britainy\System\win_qs8.jqx
    c:\windows\dat.txt
    c:\windows\search_res.txt
    c:\windows\settings.reg
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-11 22:01 . 2010-11-11 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-11-11 05:01 . 2010-11-11 05:01 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
    2010-11-11 05:01 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-11 05:00 . 2010-11-11 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-11 05:00 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-11 05:00 . 2010-11-11 05:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-10 22:18 . 2010-11-10 22:18 -------- d-sh--w- c:\documents and settings\Tony\IECompatCache
    2010-11-10 22:18 . 2010-11-10 22:18 -------- d-sh--w- c:\documents and settings\Tony\PrivacIE
    2010-11-10 22:16 . 2010-11-10 22:16 -------- d-sh--w- c:\documents and settings\Tony\IETldCache
    2010-11-09 08:58 . 2010-11-09 08:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-11-09 05:34 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-11-09 05:30 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-11-09 05:30 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-11-09 05:30 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-11-09 05:27 . 2010-11-09 05:30 -------- dc-h--w- c:\windows\ie8
    2010-11-09 05:09 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-09 05:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-09 05:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-11-09 05:03 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-11-09 03:39 . 2010-11-09 03:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-09 03:26 . 2010-11-09 03:26 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Sunbelt Software
    2010-11-09 03:23 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-11-09 03:21 . 2010-11-10 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-11-09 03:11 . 2010-11-09 03:12 -------- d-----w- C:\f5953dc378818f07c800a09ddcb0
    2010-11-09 01:17 . 2010-11-09 01:34 -------- d-----w- c:\windows\system32\scripting
    2010-11-09 01:17 . 2010-11-09 01:17 -------- d-----w- c:\windows\l2schemas
    2010-11-09 01:17 . 2010-11-09 01:33 -------- d-----w- c:\windows\system32\en
    2010-11-09 01:17 . 2010-11-09 01:32 -------- d-----w- c:\windows\system32\bits
    2010-11-09 00:38 . 2010-11-09 00:38 -------- d-----w- c:\documents and settings\Tony\Application Data\AVG10
    2010-11-09 00:37 . 2010-11-09 00:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-11-09 00:35 . 2010-11-14 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-11-09 00:35 . 2010-11-09 00:35 -------- d-----w- c:\program files\AVG
    2010-11-09 00:31 . 2010-11-09 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-11-09 00:12 . 2010-11-09 01:06 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Google
    2010-11-09 00:11 . 2010-11-09 00:11 -------- d-----w- c:\documents and settings\Tony\Local Settings\Application Data\Apple Computer
    2010-11-08 23:52 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-11-08 23:52 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 01:01 . 2008-06-30 17:23 1018 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-09 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "P17Helper"="P17.dll" [2004-06-10 60928]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-13 26112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

    c:\documents and settings\Britainy\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-9-4 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-2-24 3272704]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-11-09 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-11-09 00:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67656]
    S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2/24/2010 10:14 PM 278528]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2/24/2010 10:14 PM 632576]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
    S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-09 c:\windows\Tasks\defrag.job
    - c:\windows\system32\defrag.exe [2004-08-04 00:12]

    2010-11-09 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
    HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-Move Networks Player_is1 - c:\documents and settings\Mitzi\Application Data\Move Networks\ie_bin\unins000.exe
    AddRemove-Steam App 3483 - c:\program files\steam\steam.exe
    AddRemove-Steam App 400 - c:\program files\steam\steam.exe
    AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(672)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-14 18:19:29
    ComboFix-quarantined-files.txt 2010-11-14 23:19

    Pre-Run: 178,711,486,464 bytes free
    Post-Run: 178,669,436,928 bytes free

    - - End Of File - - 3662D59A6089666836FA749394586E39
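As an added example (not code from this thread, from the analyst, or from ComboFix itself), here is a small Python triage helper that reads the "Reg Loading Points" part of a ComboFix log like the one above, lists the Run values and the R/S service lines, and flags two things a reviewer checks first: a service whose file ComboFix marked `[?]` (not found on disk, as with XDva011 above) and a Run value that names a bare module with no directory (located through the DLL search path, as with P17Helper above). The sample log is a constructed excerpt modelled on the post's lines; flagged items are review candidates, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's log layout, modelled on the post's lines
# (added example: not the thread's, the analyst's, or ComboFix's own code).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-09 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"P17Helper"="P17.dll" [2004-06-10 60928]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2/24/2010 10:14 PM 278528]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
SafeBoot-mcmscsvc
**************************************************************************
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                        # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?$')  # "Name"="path" [date size]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")         # S3 name;display;path [...]

@dataclass
class Triage:
    run_entries: list = field(default_factory=list)  # (key, value name, path)
    services: list = field(default_factory=list)     # (start type, name, path, file_missing)
    orphans: list = field(default_factory=list)      # lines under ORPHANS REMOVED
    findings: list = field(default_factory=list)     # human-readable review items

def parse_combofix(text: str) -> Triage:
    """Pull autostart data out of ComboFix's 'Reg Loading Points' section."""
    t = Triage()
    key = None
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_orphans:
            if line.startswith("*"):      # the asterisk banner ends the orphan list
                in_orphans = False
            elif line:
                t.orphans.append(line)
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            name, path = m.group(1), m.group(2)
            t.run_entries.append((key, name, path))
            if "\\" not in path:          # bare module name: resolved via the DLL search path
                t.findings.append(f"{name}: bare filename {path!r} in {key}")
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, _display, rest = m.groups()
            missing = rest.endswith("[?]")          # ComboFix's 'file not found' marker
            path = rest.split(" [")[0].split(" --> ")[0]
            t.services.append((start, name, path, missing))
            if missing:
                t.findings.append(f"{name}: {start} service points at a missing file {path}")
    return t

if __name__ == "__main__":
    for item in parse_combofix(SAMPLE_LOG).findings:
        print(item)
```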
     
  6. 2010/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks clean now :)

    Update MBAM, run it and post a log, if anything found.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     