
Solved trojan / "Object is inaccessible."

Discussion in 'Malware and Virus Removal Archive' started by davee, 2010/07/23.

  1. 2010/08/11
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    Hi, here is the first one:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 132):

    Processes (total 38):
    0 System Idle Process
    4 System
    480 C:\WINDOWS\system32\smss.exe
    528 csrss.exe
    560 C:\WINDOWS\system32\winlogon.exe
    608 C:\WINDOWS\system32\services.exe
    620 C:\WINDOWS\system32\lsass.exe
    804 C:\WINDOWS\system32\ati2evxx.exe
    828 C:\WINDOWS\system32\svchost.exe
    888 svchost.exe
    996 C:\WINDOWS\system32\svchost.exe
    1040 C:\WINDOWS\system32\svchost.exe
    1140 svchost.exe
    1188 C:\WINDOWS\system32\ati2evxx.exe
    1196 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1204 C:\Program Files\AVG\AVG9\avgrsx.exe
    1320 svchost.exe
    1364 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1684 C:\WINDOWS\system32\spoolsv.exe
    1784 svchost.exe
    1844 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    2024 C:\Program Files\Java\jre6\bin\jqs.exe
    256 C:\WINDOWS\system32\svchost.exe
    324 C:\WINDOWS\system32\ZuneBusEnum.exe
    1152 C:\WINDOWS\system32\dmadmin.exe
    1996 C:\WINDOWS\explorer.exe
    2336 C:\Program Files\AVG\AVG9\avgemc.exe
    2392 C:\Program Files\AVG\AVG9\avgnsx.exe
    2536 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3016 alg.exe
    3160 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    3300 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    3384 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    3948 C:\WINDOWS\system32\svchost.exe
    3088 C:\Program Files\Opera\opera.exe
    3688 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    3364 wmiprvse.exe
    2404 C:\Documents and Settings\Dave\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c4014000 (NTFS)

    PhysicalDrive0 Model Number: ST3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  2. 2010/08/11
    davee

    davee Inactive Thread Starter

    Here is the one after reboot:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 132):

    Processes (total 39):
    0 System Idle Process
    4 System
    480 C:\WINDOWS\system32\smss.exe
    528 csrss.exe
    560 C:\WINDOWS\system32\winlogon.exe
    608 C:\WINDOWS\system32\services.exe
    620 C:\WINDOWS\system32\lsass.exe
    804 C:\WINDOWS\system32\ati2evxx.exe
    828 C:\WINDOWS\system32\svchost.exe
    888 svchost.exe
    960 C:\WINDOWS\system32\svchost.exe
    1004 C:\WINDOWS\system32\svchost.exe
    1116 svchost.exe
    1200 svchost.exe
    1260 C:\WINDOWS\system32\ati2evxx.exe
    1268 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1276 C:\Program Files\AVG\AVG9\avgrsx.exe
    1416 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1444 C:\WINDOWS\system32\spoolsv.exe
    1920 svchost.exe
    200 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    236 C:\WINDOWS\explorer.exe
    840 C:\Program Files\Java\jre6\bin\jqs.exe
    1516 C:\WINDOWS\system32\svchost.exe
    1064 C:\WINDOWS\system32\ZuneBusEnum.exe
    2040 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    1976 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2112 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    2204 C:\WINDOWS\system32\dmadmin.exe
    2312 C:\WINDOWS\system32\wuauclt.exe
    2544 C:\Program Files\AVG\AVG9\avgemc.exe
    2596 C:\Program Files\AVG\AVG9\avgnsx.exe
    2884 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3352 alg.exe
    3948 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    3976 C:\Program Files\Opera\opera.exe
    4060 wmiprvse.exe
    2084 C:\WINDOWS\system32\notepad.exe
    3848 C:\Documents and Settings\Dave\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c4014000 (NTFS)

    PhysicalDrive0 Model Number: ST3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     


  4. 2010/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Our fix didn't work.

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do, then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure, then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
     
  5. 2010/08/12
    davee

    davee Inactive Thread Starter

    Hi Broni, my PC won't go into recovery mode. It goes through the process where it begins to load and just stays there. I waited over 15 mins and nothing, so I tried to load it in safe mode, still the same. Just to clarify what I mean about where it stops: it is where the bar at the bottom of the screen moves along; it gets to the end but that's where it stops.
     
  6. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Let's try to access the Recovery Console in a different way.

    If you have Windows CD...(if you don't have Windows CD, scroll down)

    1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
    2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
    You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

    [​IMG]

    3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
    Select the installation number, and hit Enter.
    If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
    You will be greeted with this screen, which indicates a recovery console at the ready:

    [​IMG]


    If you don't have Windows CD...
    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
     
  7. 2010/08/12
    davee

    davee Inactive Thread Starter

    Hi Broni, I used the CD to get into the Recovery Console, did fixmbr, then ran MBRCheck. Here is the log.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 137):

    Processes (total 36):
    0 System Idle Process
    4 System
    480 C:\WINDOWS\system32\smss.exe
    528 csrss.exe
    560 C:\WINDOWS\system32\winlogon.exe
    604 C:\WINDOWS\system32\services.exe
    616 C:\WINDOWS\system32\lsass.exe
    792 C:\WINDOWS\system32\ati2evxx.exe
    812 C:\WINDOWS\system32\svchost.exe
    868 svchost.exe
    936 C:\WINDOWS\system32\svchost.exe
    976 C:\WINDOWS\system32\svchost.exe
    1052 svchost.exe
    1100 svchost.exe
    1244 C:\WINDOWS\system32\spoolsv.exe
    1328 C:\WINDOWS\system32\ati2evxx.exe
    1336 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1344 C:\Program Files\AVG\AVG9\avgrsx.exe
    1420 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1828 svchost.exe
    1896 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1992 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    2016 C:\Program Files\Java\jre6\bin\jqs.exe
    212 C:\WINDOWS\system32\svchost.exe
    372 C:\WINDOWS\system32\ZuneBusEnum.exe
    1272 C:\WINDOWS\explorer.exe
    1776 C:\WINDOWS\system32\dmadmin.exe
    1860 C:\WINDOWS\system32\wuauclt.exe
    2320 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    2332 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2404 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    2572 C:\Program Files\AVG\AVG9\avgemc.exe
    2640 C:\Program Files\AVG\AVG9\avgnsx.exe
    2720 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3316 alg.exe
    3832 C:\Documents and Settings\Dave\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c4014000 (NTFS)

    PhysicalDrive0 Model Number: ST3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
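
Added example, not part of any post in this thread and not MBRCheck's own code: a Python parser for the disk-status section of MBRCheck logs like the three above, which compares a before/after pair to check whether an MBR repair actually took effect instead of trusting the tool's "Successfully wrote" message. It recognises only the two status strings seen in this thread; treating every other status as non-standard is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpts: only the disk-status tail of the three MBRCheck 1.2.3
# logs posted in this thread (driver and process lists left out).
FIRST_RUN = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995

Found non-standard or infected MBR.
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
"""

AFTER_REBOOT = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995

Found non-standard or infected MBR.
"""

AFTER_FIXMBR = r"""
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

# "<size> <unit> \\.\PhysicalDriveN <status text>"
DISK_RE = re.compile(
    r"^\s*(?P<size>\d+\s+[KMGT]B)\s+"
    r"(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$"
)
SHA_RE = re.compile(r"^\s*SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


@dataclass
class DiskStatus:
    device: str
    size: str
    status: str
    sha1: Optional[str] = None


def parse_mbrcheck(log: str) -> List[DiskStatus]:
    """Return one DiskStatus per physical disk row, with the SHA1 that follows it."""
    disks: List[DiskStatus] = []
    current: Optional[DiskStatus] = None
    for line in log.splitlines():
        m = DISK_RE.match(line)
        if m:
            current = DiskStatus(m["device"], m["size"], m["status"])
            disks.append(current)
            continue
        m = SHA_RE.match(line)
        if m and current is not None and current.sha1 is None:
            current.sha1 = m["sha1"].upper()
    return disks


def is_standard(status: str) -> bool:
    # Assumption: only statuses ending in "MBR code detected" (as in the last
    # log of this thread) count as standard; anything else is flagged.
    return status.lower().endswith("mbr code detected")


def write_reported(log: str) -> bool:
    """True if the log records the tool claiming it rewrote the MBR."""
    return "Successfully wrote new MBR code!" in log


def verify_fix(before_log: str, after_log: str) -> Dict[str, str]:
    """Compare two logs and give a verdict per device in the later log."""
    before = {d.device: d for d in parse_mbrcheck(before_log)}
    verdicts: Dict[str, str] = {}
    for disk in parse_mbrcheck(after_log):
        prev = before.get(disk.device)
        if is_standard(disk.status):
            verdicts[disk.device] = "standard"
        elif prev is not None and prev.sha1 is not None and prev.sha1 == disk.sha1:
            # Same hash as before the repair: the fix did not take effect.
            verdicts[disk.device] = "flagged-unchanged"
        else:
            verdicts[disk.device] = "flagged-changed"
    return verdicts


if __name__ == "__main__":
    steps = [
        ("in-tool restore, then reboot", FIRST_RUN, AFTER_REBOOT),
        ("fixmbr from Recovery Console", AFTER_REBOOT, AFTER_FIXMBR),
    ]
    for label, before, after in steps:
        print(label, "| write reported:", write_reported(before),
              "|", verify_fix(before, after))
```
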
     
  8. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Wonderful :)
    It looks good :)

    What are the current issues?
     
  9. 2010/08/12
    davee

    davee Inactive Thread Starter

    Hi broni, well, the current issues were the redirecting of Google searches. After running the MBR fix just now I did a few Google searches and they all worked fine, so we'll see what happens from now and I'll reply back with either good news or bad, OK :)
     
  10. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Sounds good, but at the same time, I want you to do a couple of things.
    Update MBAM, run it and post its log.
    Download a fresh copy of Combofix, run it and post its log.

    Then....

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2010/08/13
    davee

    davee Inactive Thread Starter

    Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4423

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/13/2010 3:30:29 PM
    mbam-log-2010-08-13 (15-30-29).txt

    Scan type: Quick scan
    Objects scanned: 130796
    Time elapsed: 7 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. 2010/08/13
    davee

    davee Inactive Thread Starter

    Here is the ComboFix log:

    ComboFix 10-08-12.02 - Dave 08/13/2010 15:41:10.11.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1462 [GMT 10:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
    .

    2010-08-07 23:37 . 2010-08-11 07:29 27386648 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_au.exe
    2010-08-03 10:32 . 2010-08-03 11:21 -------- d-----w- c:\program files\trend micro
    2010-08-03 10:32 . 2010-08-03 10:32 -------- d-----w- C:\rsit
    2010-07-31 12:21 . 2010-08-01 01:06 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
    2010-07-31 11:06 . 2010-07-31 11:06 -------- d-----w- c:\program files\ESET
    2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
    2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
    2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
    2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
    2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
    2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
    2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
    2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
    2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
    2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-13 04:42 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
    2010-08-12 10:36 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-10 09:09 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-08-08 10:00 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-31 05:56 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-31 05:53 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-31 05:53 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-25 03:03 . 2010-07-03 06:07 -------- d-----w- c:\program files\etax2010
    2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
    2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
    2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
    2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-08_11.39.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-13 04:41 . 2010-08-13 04:41 16384 c:\windows\temp\Perflib_Perfdata_7e0.dat
    + 2010-08-13 04:42 . 2010-08-13 04:42 2647552 c:\windows\Installer\175c7.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService"=2 (0x2)
    "AntiVirSchedulerService"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
    S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

    2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/webhp?hl=en
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=""
    "Installed"="1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'Explorer.exe'(1792)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-08-13 15:46:03
    ComboFix-quarantined-files.txt 2010-08-13 05:46
    ComboFix2.txt 2010-08-08 11:43

    Pre-Run: 18,423,771,136 bytes free
    Post-Run: 18,426,265,600 bytes free

    - - End Of File - - 51155C5AF624CC34FE7811FCBFC2016F
     
  13. 2010/08/13
    davee

    davee Inactive Thread Starter

    Here is OTL.txt. I didn't get an extra one. Did I do something wrong??

    OTL logfile created on: 8/13/2010 3:50:22 PM - Run 8
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 17.18 Gb Free Space | 43.99% Space Free | Partition Type: NTFS
    Drive D: | 109.99 Gb Total Space | 26.59 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-8WI9D3OO4Q
    Current User Name: Dave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    PRC - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/07/17 09:29:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 09:29:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 09:29:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 09:28:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 09:28:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/11/06 08:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/26 17:02:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/24 02:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/19 13:04:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/01/07 13:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
    DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
    DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
    DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]

    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/08/09 20:33:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/13 15:39:45 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/08/11 18:29:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
    [2010/08/10 19:41:37 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dave\Desktop\RootRepeal.exe
    [2010/08/09 19:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\house pics
    [2010/08/08 21:13:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/08 21:13:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/08 21:13:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/08 21:13:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/08 21:12:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/08 20:06:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/08/07 09:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/03 20:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/08/03 20:32:30 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/08/03 20:18:49 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
    [2010/08/03 16:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\GooredFix Backups
    [2010/08/03 16:44:44 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
    [2010/07/31 22:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\DoctorWeb
    [2010/07/31 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/07/27 20:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/26 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2010/07/25 10:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/07/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/23 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/23 22:48:04 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/23 22:48:04 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/23 21:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
    [2010/07/22 19:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/22 19:16:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/21 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    [2010/07/21 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/17 17:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\videos
    [2010/07/17 09:29:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/16 15:37:41 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
    [2010/07/11 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\hl
    [2010/07/06 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Folder
    [2010/07/03 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
    [2010/06/26 13:59:32 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010/06/26 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010/06/26 13:58:52 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
    [2010/06/26 13:58:51 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
    [2010/06/26 13:58:49 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
    [2010/06/26 13:58:48 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
    [2010/06/26 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/06/06 11:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/06/06 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
    [2010/05/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/05/18 19:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/05/18 19:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\E52
    [2010/05/18 18:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Nokia
    [2010/05/18 18:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\NokiaAccount

    ========== Files - Modified Within 90 Days ==========

    [2010/08/13 15:46:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/13 15:44:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/13 15:39:19 | 003,816,785 | R--- | M] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
    [2010/08/13 15:34:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/13 14:42:50 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/08/13 14:42:49 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/08/13 14:41:18 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/13 14:41:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/13 14:40:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/13 14:28:43 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
    [2010/08/13 14:28:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
    [2010/08/13 14:19:00 | 063,336,486 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/12 21:55:37 | 005,887,448 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
    [2010/08/12 21:28:09 | 000,438,784 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Radiologists Pin-up.pps
    [2010/08/12 19:03:19 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2010/08/10 19:41:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\settings.dat
    [2010/08/10 19:40:53 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RootRepeal.zip
    [2010/08/10 19:36:27 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MBRCheck.exe
    [2010/08/09 21:11:47 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\HelpAsst_mebroot_fix.exe
    [2010/08/09 20:33:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/08/09 18:43:28 | 006,208,623 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Nieuwespitskk.wmv
    [2010/08/08 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/08/08 19:12:11 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
    [2010/08/08 09:41:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
    [2010/08/07 14:34:13 | 000,093,580 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
    [2010/08/05 16:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/04 21:13:25 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/03 20:32:01 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
    [2010/08/03 16:44:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dave\Desktop\GooredFix.exe
    [2010/08/01 16:22:40 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
    [2010/07/31 22:19:59 | 048,022,216 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
    [2010/07/26 18:15:26 | 000,051,334 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/25 13:55:50 | 000,109,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/25 13:50:37 | 000,108,120 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/25 13:03:41 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/23 22:17:42 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/22 21:24:58 | 000,001,165 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
    [2010/07/19 21:48:49 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/19 14:58:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2010/07/19 12:39:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/17 13:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 09:29:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/16 16:07:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:57:08 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
    [2010/07/15 16:18:27 | 001,778,547 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:49 | 004,054,198 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:43:13 | 004,744,640 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 14:59:56 | 006,778,880 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/06/26 14:29:51 | 000,506,580 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/26 14:29:51 | 000,425,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/26 14:29:51 | 000,071,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 14:28:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/12 13:39:49 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/06 11:50:20 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/06/03 11:27:34 | 000,032,397 | ---- | M] () -- C:\WINDOWS\SGTBox.INI
    [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

    ========== Files Created - No Company Name ==========

    [2010/08/13 15:38:57 | 003,816,785 | R--- | C] () -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
    [2010/08/13 14:42:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/08/12 21:28:09 | 000,438,784 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Radiologists Pin-up.pps
    [2010/08/10 19:41:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\settings.dat
    [2010/08/10 19:40:53 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RootRepeal.zip
    [2010/08/10 19:36:27 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MBRCheck.exe
    [2010/08/09 21:11:47 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\HelpAsst_mebroot_fix.exe
    [2010/08/09 18:43:28 | 006,208,623 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Nieuwespitskk.wmv
    [2010/08/08 21:13:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/08 21:13:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/08 21:13:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/08 21:13:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/08 21:13:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/08 19:12:10 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SecurityCheck.exe
    [2010/08/08 09:42:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.exe
    [2010/08/08 09:41:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
    [2010/08/07 14:34:13 | 000,093,580 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\reciept.jpg
    [2010/08/03 20:32:01 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RSIT.exe
    [2010/08/01 18:31:15 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\fixme.reg
    [2010/08/01 17:38:44 | 000,462,445 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Silent Runners.vbs
    [2010/07/31 22:14:12 | 048,022,216 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\drweb-cureit.exe
    [2010/07/31 10:16:45 | 000,003,254 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\RegSrch.vbs
    [2010/07/26 18:15:33 | 000,051,334 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/23 22:17:42 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/20 21:50:54 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Dave\avgrep.txt
    [2010/07/20 20:45:14 | 000,012,395 | ---- | C] () -- C:\Documents and Settings\Dave\hs_err_pid3200.log
    [2010/07/19 20:10:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/17 13:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
    [2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2010/07/15 16:18:17 | 001,778,547 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:26 | 004,054,198 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:42:35 | 004,744,640 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 16:08:06 | 000,109,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/03 16:08:06 | 000,108,120 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/03 16:07:13 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/03 14:59:16 | 006,778,880 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/06/26 14:28:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    [2010/06/06 11:50:20 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2010/02/15 16:54:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/01/30 14:44:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2009/12/01 17:42:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
    [2009/10/19 20:06:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/07/04 14:14:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2009/07/04 14:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2009/05/04 17:00:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/04/28 07:39:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/04/18 13:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/04/10 15:05:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/04/10 13:16:51 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/04/10 13:16:39 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2009/04/10 12:15:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2009/11/07 11:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/06 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/05/18 19:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/06/26 13:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2009/07/04 12:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/06/06 11:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/07/26 16:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2010/07/26 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/25 10:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/07/21 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    [2009/09/23 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/19 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\DVDFab
    [2009/12/13 20:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\IrfanView
    [2009/08/03 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\MoveFab
    [2010/05/18 18:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia
    [2010/06/06 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Nokia Multimedia Player
    [2010/04/01 18:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Opera
    [2010/05/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\PC Suite
    [2010/07/21 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/08/12 19:03:19 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/13 15:46:04 | 000,018,553 | ---- | M] () -- C:\ComboFix.txt
    [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/09 21:26:02 | 000,001,499 | ---- | M] () -- C:\HelpAsst.log
    [2009/04/10 11:24:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/04/10 11:24:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/04/12 13:27:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/04/13 12:03:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/13 14:40:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2010/08/10 19:47:03 | 000,003,614 | ---- | M] () -- C:\RootRepeal report 08-10-10 (19-47-03).txt
    [2010/08/03 20:19:51 | 000,039,178 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_20.19.00_log.txt
    [2010/08/04 17:06:59 | 000,039,178 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_04.08.2010_17.04.13_log.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/04/23 15:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6e.DLL
    [2004/04/23 15:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6e.DLL
    [2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/04/10 21:13:13 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/04/10 21:13:13 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/04/10 21:13:13 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 10:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 10:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 10:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
    < End of report >
     
  14. 2010/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All looks good :)
    Just some minor garbage left.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
      SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
      DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
      @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  15. 2010/08/13
    davee

    davee Inactive Thread Starter

    Joined:
    2002/10/16
    Messages:
    130
    Likes Received:
    0
    here is latest OTL log

    All processes killed
    ========== OTL ==========
    Service AntiVirService stopped successfully!
    Service AntiVirService deleted successfully!
    Service AntiVirSchedulerService stopped successfully!
    Service AntiVirSchedulerService deleted successfully!
    Service avipbb stopped successfully!
    Service avipbb deleted successfully!
    C:\WINDOWS\system32\drivers\avipbb.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dave
    ->Temp folder emptied: 20090001 bytes
    ->Temporary Internet Files folder emptied: 641792 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 3106 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 105497552 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 120.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dave
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08142010_102124

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
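
The fix script and the result log above can be reconciled mechanically, so that every removal requested under `:OTL` is matched to a success line. This is an added example, not part of the original posts and not OTL's own code; the function names are hypothetical and the success-line wording is assumed to be what OTL 3.2.9.1 printed in this thread.

```python
import re

# Lines copied from the fix script and the result log posted in the thread.
FIX_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
:Commands
[emptytemp]
"""
FIX_LOG = r"""
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
Service AntiVirSchedulerService deleted successfully!
Service avipbb deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
"""

def requested_targets(script):
    """Map each removal requested in the :OTL section to the log text that confirms it."""
    targets, in_otl = {}, False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):            # section header such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
        elif in_otl and line.startswith(("SRV", "DRV")):
            name = re.search(r"\(([^()]+)\)\s*$", line).group(1)   # trailing (service name)
            targets["service " + name] = "Service " + name + " deleted"
        elif in_otl and line.startswith("O2 - BHO"):
            clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", line).group(0)
            targets["BHO " + clsid] = "Browser Helper Objects\\" + clsid + "\\ deleted"
        elif in_otl and line.startswith("@Alternate Data Stream"):
            path = line.split("->", 1)[1].strip()                  # file path plus :stream name
            targets["ADS " + path] = "ADS " + path + " deleted"
    return targets

def unconfirmed(script, log):
    """Return the requested removals that have no matching success line in the log."""
    ok = [l.strip() for l in log.splitlines() if l.rstrip().endswith(("successfully.", "successfully!"))]
    return sorted(label for label, needle in requested_targets(script).items()
                  if not any(needle in l for l in ok))

if __name__ == "__main__":
    print(unconfirmed(FIX_SCRIPT, FIX_LOG) or "every requested removal is confirmed")
```

An empty result means all six requested items were confirmed; anything returned is an item to re-check in a fresh scan log.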
     
  16. 2010/08/13
    davee

    davee Inactive Thread Starter

    here is security check log

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  17. 2010/08/13
    broni

    broni Moderator Malware Analyst

    All good :)

    Off to Kaspersky....
     
  18. 2010/08/14
    davee

    davee Inactive Thread Starter

    Hi broni here is kaspersky report
    thanks for your help and crunchies much appreciated
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 14, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 13, 2010 20:03:58
    Records in database: 4132666
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 56887
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:22:02

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  19. 2010/08/14
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Cheers Broni :).
     
  20. 2010/08/14
    broni

    broni Moderator Malware Analyst

    Thanks Chris :)

    Wonderful :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =================================================================

    Your computer is clean :)


    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
     
  21. 2010/08/14
    davee

    davee Inactive Thread Starter

    Hi broni & crunchie, firstly thanks a heap. PC has been fine since we fixed MBR, but I'll post back in a couple of days just to dbl check so we can mark this as resolved :) thanks again, cheers to you all :) :) :)
     
