
Solved Very sluggish comp and antivirus disabled

Discussion in 'Malware and Virus Removal Archive' started by DugE, 2010/12/05.

    2010/12/05 - DugE (Thread Starter)

    [Resolved] Very sluggish comp and antivirus disabled

    My computer has gotten very sluggish, with the CPU at 100% often. It is not idle for long before running at max again. Clicking on links takes forever because of this. Also, something seems to be disabling my antivirus program on restart. Not every time, but on several occasions when I restarted, the AV program icon would not be in the bar with the clock. When I try to run it from Program Files I get the message that the configuration was wrong and that I would have to reinstall the program. I used Avast AV and switched to Avira AV, and this has happened only once so far. Here are the requested logs:


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5245

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/5/2010 10:42:33 AM
    mbam-log-2010-12-05 (10-42-32).txt

    Scan type: Quick scan
    Objects scanned: 122517
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    ===========================

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-05 11:20:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV0802N rev.TP100-23
    Running: h0g1991v.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxddipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEF12F534]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEF129782]
    SSDT F8A68026 ZwCreateKey
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEF12FCC0]
    SSDT F8A6801C ZwCreateThread
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEF12FDF6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEF12A398]
    SSDT F8A6802B ZwDeleteKey
    SSDT F8A68035 ZwDeleteValueKey
    SSDT F8A68053 ZwLoadDriver
    SSDT F8A6803A ZwLoadKey
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEF14AB44]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEF129FAA]
    SSDT F8A68008 ZwOpenProcess
    SSDT F8A6800D ZwOpenThread
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEF14B8D2]
    SSDT F8A68044 ZwReplaceKey
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEF12F0F4]
    SSDT F8A6803F ZwRestoreKey
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEF12A75C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEF14BE12]
    SSDT F8A68058 ZwSetSystemInformation
    SSDT F8A68030 ZwSetValueKey
    SSDT F8A68017 ZwTerminateProcess
    SSDT F8A68012 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [53, 80, A6, F8, 3A, 80, A6, ...] {PUSH EBX; AND BYTE [ESI-0x597fc508], 0xf8; INC ESP; STOSD ; ADC AL, 0xef}

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EF132C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EF132C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EF132C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EF1123C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EF132C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EF134672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EF132C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EF134CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EF1344C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EF12B2AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EF12B60C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EF12AD40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EF12B41C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    ==============================================

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 123):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8957000 \WINDOWS\system32\KDCOM.DLL
    0xF8867000 \WINDOWS\system32\BOOTVID.dll
    0xF8408000 ACPI.sys
    0xF8959000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF83F7000 pci.sys
    0xF8457000 isapnp.sys
    0xF895B000 intelide.sys
    0xF86D7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8467000 MountMgr.sys
    0xF83D8000 ftdisk.sys
    0xF86DF000 PartMgr.sys
    0xF8477000 VolSnap.sys
    0xF83C0000 atapi.sys
    0xF8487000 disk.sys
    0xF8497000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF83A0000 fltmgr.sys
    0xF838E000 sr.sys
    0xF8377000 KSecDD.sys
    0xF82EA000 Ntfs.sys
    0xF82BD000 NDIS.sys
    0xF84A7000 SISAGPX.sys
    0xF86E7000 viaagp1.sys
    0xF86EF000 nv_agp.sys
    0xF82A3000 Mup.sys
    0xF84B7000 agp440.sys
    0xF85B7000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7B18000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF7B04000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF876F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7AE0000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8777000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF7ACE000 \SystemRoot\System32\DRIVERS\EG1032xp.sys
    0xF85C7000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8907000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF7ABA000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF877F000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF85D7000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF85E7000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF85F7000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8607000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A97000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF74CA000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF74A6000 \SystemRoot\system32\drivers\portcls.sys
    0xF8617000 \SystemRoot\system32\drivers\drmk.sys
    0xF8BA7000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8627000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF890F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF748F000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8637000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8647000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF8787000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF747E000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8657000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF8797000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF879F000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF8667000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF87A7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF87AF000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF896F000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7420000 \SystemRoot\System32\DRIVERS\update.sys
    0xF891F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8677000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8697000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8973000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF87B7000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF8975000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8A8B000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8977000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF87C7000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF87CF000 \SystemRoot\System32\drivers\vga.sys
    0xF8979000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF897B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF87D7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF87DF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7410000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEF210000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEF1B7000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEF18F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEF10E000 \SystemRoot\System32\vsdatant.sys
    0xF7404000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xEF0C4000 \SystemRoot\System32\drivers\afd.sys
    0xF86C7000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF87E7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF7400000 \SystemRoot\System32\DRIVERS\srvkp.sys
    0xEF0A2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF87EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xEF077000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEF007000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF84F7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEEFE1000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF8507000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF73E0000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF8557000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF73DC000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF73D4000 \SystemRoot\System32\DRIVERS\kbdhid.sys
    0xEDE9B000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF8989000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xEDE77000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEDE5F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8993000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEF10A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8807000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8B34000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
    0xBF064000 \SystemRoot\System32\ialmdd5.DLL
    0xEDDAA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xEDDEB000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xED96D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xED930000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEDD42000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEDA82000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF8A1D000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xED4C8000 \SystemRoot\System32\DRIVERS\srv.sys
    0xED11E000 \SystemRoot\System32\Drivers\HTTP.sys
    0xECFEB000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\uxddipog.sys
    0xECFC0000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 29):
    0 System Idle Process
    4 System
    560 C:\WINDOWS\system32\smss.exe
    624 csrss.exe
    648 C:\WINDOWS\system32\winlogon.exe
    692 C:\WINDOWS\system32\services.exe
    704 C:\WINDOWS\system32\lsass.exe
    864 C:\WINDOWS\system32\svchost.exe
    932 svchost.exe
    972 C:\WINDOWS\system32\svchost.exe
    1044 svchost.exe
    1140 svchost.exe
    1584 C:\WINDOWS\system32\spoolsv.exe
    1604 C:\WINDOWS\explorer.exe
    1680 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1764 svchost.exe
    1784 C:\WINDOWS\system\hpsysdrv.exe
    1792 C:\WINDOWS\system32\hkcmd.exe
    1964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1976 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2000 C:\WINDOWS\system32\ctfmon.exe
    2008 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    268 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    308 C:\Program Files\Java\jre6\bin\jqs.exe
    1012 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2080 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    2116 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    2868 alg.exe
    4028 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b05b2000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: SAMSUNGSV0802N, Rev: TP100-23

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 52F361BC44BB87BE63C2F19360F552125A89E7DC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

    ===========================================


    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Owner at 11:23:31.98 on Sun 12/05/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.248 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Documents and Settings\Owner\Desktop\dds.scr
    C:\Program Files\Avira\AntiVir Desktop\checkt.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://srch-us9.hpwis.com/
    uDefault_Page_URL = hxxp://us9.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    uSearch Bar = hxxp://srch-us9.hpwis.com/
    mSearch Bar = hxxp://srch-us9.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
    EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\navjavfn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\navjavfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-4 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-24 532224]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-12-4 339624]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-4 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-4 267944]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-12-4 403624]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-4 61960]
    S2 0023231290871039mcinstcleanup;McAfee Application Installer Cleanup (0023231290871039); [x]
    S2 0262051291490448mcinstcleanup;McAfee Application Installer Cleanup (0262051291490448);c:\docume~1\owner\locals~1\temp\026205~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\owner\locals~1\temp\026205~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2010-9-23 14336]

    =============== Created Last 30 ================

    2010-12-05 00:15:20 -------- d-----w- c:\windows\.jagex_cache_32
    2010-12-04 20:21:43 -------- d-----w- c:\docume~1\owner\applic~1\Avira
    2010-12-04 20:13:10 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-04 20:13:09 -------- d-----w- c:\program files\Avira
    2010-12-04 20:13:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-03 20:20:20 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
    2010-12-03 20:20:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Google
    2010-11-30 15:50:44 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
    2010-11-30 15:50:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-11-30 15:50:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-11-30 15:35:41 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2010-11-30 15:35:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 15:35:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-30 15:35:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 15:34:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-16 19:12:09 -------- d-----w- c:\windows\SxsCaPendDel

    ==================== Find3M ====================

    2010-10-13 16:30:46 256 ----a-w- c:\windows\system32\pool.bin
    2010-10-13 15:26:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-13 15:26:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-23 20:35:41 0 ----a-w- c:\windows\system32\iAlmcoin.dll
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    ============= FINISH: 11:24:35.39 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/23/2010 4:37:02 PM
    System Uptime: 12/5/2010 10:35:30 AM (1 hours ago)

    Motherboard: TriGem Computer Inc. | | Glendale motherboard
    Processor: Intel(R) Pentium(R) 4 CPU 2.50GHz | WMT478/NWD | 2486/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 52.758 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 2.418 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3189109F&REV_10\4&2C53C0AE&0&10F0
    Manufacturer: Realtek
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3189109F&REV_10\4&2C53C0AE&0&10F0
    Service: rtl8139

    ==== System Restore Points ===================

    RP27: 10/27/2010 1:11:31 PM - Removed RuneScape Launcher 1.0.4
    RP28: 10/28/2010 1:55:29 PM - System Checkpoint
    RP29: 11/2/2010 7:27:43 AM - Installed RuneScape Launcher 1.0.4
    RP30: 11/5/2010 12:23:04 PM - System Checkpoint
    RP31: 11/10/2010 7:03:01 AM - Software Distribution Service 3.0
    RP32: 11/12/2010 9:58:06 AM - System Checkpoint
    RP33: 11/14/2010 2:57:13 PM - System Checkpoint
    RP34: 11/16/2010 2:10:54 PM - Removed BlackBerry Desktop Software 6.0.
    RP35: 11/16/2010 2:24:08 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    RP36: 11/16/2010 2:24:42 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP37: 11/16/2010 2:29:22 PM - Removed Microsoft .NET Framework 3.0 Service Pack 2
    RP38: 11/16/2010 2:31:27 PM - Removed Microsoft .NET Framework 2.0 Service Pack 2
    RP39: 11/16/2010 2:47:59 PM - avast! Free Antivirus Setup
    RP40: 11/16/2010 2:57:02 PM - avast! Free Antivirus Setup
    RP41: 11/16/2010 3:09:27 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP42: 11/16/2010 3:29:25 PM - avast! Free Antivirus Setup
    RP43: 11/16/2010 4:02:36 PM - avast! Free Antivirus Setup
    RP44: 11/22/2010 3:48:23 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP45: 11/23/2010 3:41:57 PM - avast! Free Antivirus Setup
    RP46: 11/23/2010 3:47:15 PM - avast! Free Antivirus Setup
    RP47: 11/26/2010 4:51:44 PM - System Checkpoint
    RP48: 11/28/2010 3:20:03 PM - System Checkpoint
    RP49: 11/30/2010 5:30:48 PM - System Checkpoint
    RP50: 12/2/2010 9:45:57 AM - System Checkpoint
    RP51: 12/4/2010 12:44:16 PM - System Checkpoint
    RP52: 12/4/2010 12:41:04 PM - System Checkpoint
    RP53: 12/4/2010 2:22:43 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP54: 12/4/2010 2:23:25 PM - Removed RuneScape Launcher 1.0.4
    RP55: 12/4/2010 3:02:55 PM - avast! Free Antivirus Setup
    RP56: 12/4/2010 4:12:37 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    ==== Installed Programs ======================


    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Auslogics Disk Defrag
    Avira AntiVir Premium
    Bejeweled Deluxe 1.6z
    CCleaner
    FreeZip
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    HpSdpAppCoreApp
    Intel(R) Extreme Graphics Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP Display Drivers
    PrintScreen
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SpywareBlaster 4.4
    SUPERAntiSpyware
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    12/5/2010 10:47:09 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/4/2010 8:38:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/4/2010 4:30:08 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\setup.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:29:56 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\Avira\ANTIVI~1\avconfig.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:29:06 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\shlext.dll. Reference error message: The operation completed successfully. .
    12/4/2010 4:27:43 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\avgnt.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:27:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\msgclient.dll. Reference error message: The operation completed successfully. .
    12/4/2010 4:19:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\avwsc.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:19:38 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\avcenter.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:19:24 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\avira\antivir desktop\avcenter.exe. Reference error message: The operation completed successfully. .
    12/4/2010 4:18:36 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\avira\antivir desktop\avconfig.exe. Reference error message: The operation completed successfully. .
    12/4/2010 3:01:41 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/4/2010 3:01:41 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    12/4/2010 3:01:41 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/4/2010 2:48:11 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    12/4/2010 2:48:11 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
    12/4/2010 2:48:11 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    12/4/2010 2:23:40 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
    12/1/2010 8:14:37 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:14:37 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
    DugE,
    #1
  2. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    We'll start with fixing your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
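As an added example (not from this thread or from the NTBR/MBRCheck tools), this Python script shows the kind of check an MBRCheck-style tool performs after the step above: it parses a 512-byte MBR image, validates the 0x55AA signature and the partition table, and compares the SHA1 of the boot-code area against a known-good baseline. The MBR image, its placeholder boot code and the 80 GB disk size are constructed; the partition start offsets copy the MBRCheck output (0x7E00 FAT32, 0x1B05B2000 NTFS), and hashing exactly the first 440 bytes is an assumption about how such tools work.

```python
"""Sanity-check a 512-byte MBR image: boot signature, partition table and
boot-code hash against a baseline (constructed example; the boot code is a
placeholder, not real Windows boot code)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (hashed region is an assumption)
SECTOR = 512
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the disk signature
BOOT_SIG_OFF = 510       # 0x55AA marks a valid MBR
TYPE_NAMES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x00: "empty"}


def parse_partition(entry):
    """Decode one 16-byte entry: status, CHS (skipped), type, LBA start, sector count."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "active": status == 0x80,
        "type": ptype,
        "type_name": TYPE_NAMES.get(ptype, "0x%02X" % ptype),
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR,   # same value MBRCheck prints as "at offset"
    }


def parse_mbr(mbr):
    """Return signature status, disk signature, boot-code SHA1 and used partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    parts = [parse_partition(mbr[PART_TABLE_OFF + i * 16:PART_TABLE_OFF + (i + 1) * 16])
             for i in range(4)]
    return {
        "signature_ok": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": [p for p in parts if p["type"] != 0x00],
    }


def check_mbr(mbr, known_good, disk_sectors):
    """Return a list of findings; an empty list means the MBR looks sane."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good:
        findings.append("boot code hash %s not in baseline" % info["boot_code_sha1"])
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append("partitions overlap at LBA %d" % s2)
    if ranges and ranges[-1][1] > disk_sectors:
        findings.append("partition extends past end of disk")
    return findings


def build_sample_mbr(boot_code=b"\xEB\xFE" + b"\x90" * 438):
    """Constructed MBR: placeholder boot code plus a two-partition table whose
    start offsets (0x7E00 FAT32, 0x1B05B2000 NTFS) copy the MBRCheck output."""
    assert len(boot_code) == BOOT_CODE_LEN
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"      # constructed signature
    fat32 = struct.pack("<B3xB3xII", 0x00, 0x0C, 63, 0xD82D90 - 63)
    ntfs = struct.pack("<B3xB3xII", 0x80, 0x07, 0xD82D90, 156301488 - 0xD82D90)
    table = fat32 + ntfs + b"\x00" * 32                         # two unused entries
    mbr = boot_code + disk_sig + table + b"\x55\xAA"
    assert len(mbr) == MBR_SIZE
    return mbr


# Baseline: hash taken once from a trusted copy of the boot code (here the placeholder).
KNOWN_GOOD = {parse_mbr(build_sample_mbr())["boot_code_sha1"]}
DISK_SECTORS = 156301488          # constructed 80 GB drive, in 512-byte sectors

if __name__ == "__main__":
    clean = build_sample_mbr()
    tampered = build_sample_mbr(b"\xE9\x00\x01" + b"\x90" * 437)   # patched entry jump
    print("clean:", check_mbr(clean, KNOWN_GOOD, DISK_SECTORS))
    print("tampered:", check_mbr(tampered, KNOWN_GOOD, DISK_SECTORS))
```

On a real machine the 512-byte image would be read from the physical drive with administrator rights and the baseline hash recorded from a trusted system of the same Windows version.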
     


  4. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 121):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8957000 \WINDOWS\system32\KDCOM.DLL
    0xF8867000 \WINDOWS\system32\BOOTVID.dll
    0xF8408000 ACPI.sys
    0xF8959000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF83F7000 pci.sys
    0xF8457000 isapnp.sys
    0xF895B000 intelide.sys
    0xF86D7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8467000 MountMgr.sys
    0xF83D8000 ftdisk.sys
    0xF86DF000 PartMgr.sys
    0xF8477000 VolSnap.sys
    0xF83C0000 atapi.sys
    0xF8487000 disk.sys
    0xF8497000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF83A0000 fltmgr.sys
    0xF838E000 sr.sys
    0xF8377000 KSecDD.sys
    0xF82EA000 Ntfs.sys
    0xF82BD000 NDIS.sys
    0xF84A7000 SISAGPX.sys
    0xF86E7000 viaagp1.sys
    0xF86EF000 nv_agp.sys
    0xF82A3000 Mup.sys
    0xF84B7000 agp440.sys
    0xF84F7000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7B36000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF7B22000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF872F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7AFE000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8737000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF7AEC000 \SystemRoot\System32\DRIVERS\EG1032xp.sys
    0xF8507000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8943000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF7AD8000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF873F000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8527000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF8537000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF8547000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8557000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7715000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF74E8000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF74C4000 \SystemRoot\system32\drivers\portcls.sys
    0xF8567000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B87000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8577000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF894B000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF74AD000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8587000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF85A7000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF8747000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF7484000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF85B7000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF87EF000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF87F7000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF735F000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF87FF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF881F000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF89AD000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF488E000 \SystemRoot\System32\DRIVERS\update.sys
    0xF88E3000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF734F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF6452000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF89C7000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8717000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF89C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8B02000 \SystemRoot\System32\Drivers\Null.SYS
    0xF89CB000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8817000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF871F000 \SystemRoot\System32\drivers\vga.sys
    0xF89CD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF89CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8727000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8767000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF45FC000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xBA186000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xBA12D000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xBA105000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xBA084000 \SystemRoot\System32\vsdatant.sys
    0xF45EC000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB9DEC000 \SystemRoot\System32\drivers\afd.sys
    0xF52A0000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF4AE2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF45E8000 \SystemRoot\System32\DRIVERS\srvkp.sys
    0xB9DCA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF4ADA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB9D4F000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xB9CB7000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF5270000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB9C37000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF5260000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xBA29B000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xB88CF000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xBA293000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xB9D33000 \SystemRoot\System32\DRIVERS\kbdhid.sys
    0xB2D38000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF8A07000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB08C5000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB08AD000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8A1D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB1083000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB0AFB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8B66000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
    0xBF064000 \SystemRoot\System32\ialmdd5.DLL
    0xB0898000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF6398000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xB0743000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF85F7000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB05AE000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xB0494000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB0DEB000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB003C000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAFD03000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 30):
    0 System Idle Process
    4 System
    604 C:\WINDOWS\system32\smss.exe
    652 csrss.exe
    676 C:\WINDOWS\system32\winlogon.exe
    720 C:\WINDOWS\system32\services.exe
    732 C:\WINDOWS\system32\lsass.exe
    900 C:\WINDOWS\system32\svchost.exe
    964 svchost.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1144 svchost.exe
    1276 svchost.exe
    1724 C:\WINDOWS\explorer.exe
    1948 C:\WINDOWS\system32\spoolsv.exe
    1996 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    432 svchost.exe
    476 C:\WINDOWS\system\hpsysdrv.exe
    492 C:\WINDOWS\system32\hkcmd.exe
    632 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    996 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1108 C:\WINDOWS\system32\ctfmon.exe
    1124 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    1172 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1308 C:\Program Files\Java\jre6\bin\jqs.exe
    336 C:\WINDOWS\system32\wuauclt.exe
    1184 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2248 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    2276 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    3252 alg.exe
    3980 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b05b2000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: SAMSUNGSV0802N, Rev: TP100-23

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!


    ==========================================

    Computer is taking about 3 times as long to load from restart. CPU still at 100% most of the time.
     
    DugE,
    #3
  5. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We just started....

    MBR looks good now :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    Small problem. Avira av interfered somehow. I disabled the 3 guards that were checked but still the program interfered. When Combofix restarted the computer I received an error message that Windows had recovered from a serious error. I clicked don't send for the error report. Also Combofix didn't store a log file in C:\.

    I assume Avira av interfering had something to do with all this. Is there a way to disable the program without having to uninstall completely? I just installed this program yesterday so ...

    Thanks for the help. Still taking forever to load. I know, we're just starting, but keeping you updated on how the computer is running. :)
     
    DugE,
    #5
  7. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run Combofix from safe mode and disregard any warnings regarding Avira.
     
  8. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    ComboFix 10-12-04.02 - Owner 12/05/2010 16:37:04.1.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.295 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\iAlmcoin.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
    .

    2010-12-05 00:15 . 2010-12-05 00:15 -------- d-----w- c:\windows\.jagex_cache_32
    2010-12-04 20:21 . 2010-12-04 20:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2010-12-04 20:13 . 2010-12-05 13:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-04 20:13 . 2010-12-05 13:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-04 20:13 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-04 20:13 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-04 20:13 . 2010-12-04 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-04 20:13 . 2010-12-04 20:13 -------- d-----w- c:\program files\Avira
    2010-12-03 20:20 . 2010-12-03 20:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-12-03 20:20 . 2010-12-04 19:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-11-30 15:35 . 2010-11-30 15:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-11-30 15:35 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 15:35 . 2010-11-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-30 15:35 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 15:34 . 2010-11-30 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 15:16 . 2010-11-27 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-11-16 19:12 . 2010-12-04 21:26 -------- d-----w- c:\windows\SxsCaPendDel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 15:26 . 2010-10-13 15:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-13 15:26 . 2010-09-24 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-18 16:23 . 2010-09-23 19:31 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2010-09-23 19:31 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2010-09-23 19:31 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2010-09-23 19:31 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2010-09-23 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2010-09-23 19:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2010-09-23 19:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 835654]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-05 281768]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    S2 0023231290871039mcinstcleanup;McAfee Application Installer Cleanup (0023231290871039); [x]
    S2 0262051291490448mcinstcleanup;McAfee Application Installer Cleanup (0262051291490448);c:\docume~1\Owner\LOCALS~1\Temp\026205~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Owner\LOCALS~1\Temp\026205~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/4/2010 3:13 PM 339624]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2010 3:13 PM 135336]
    S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/4/2010 3:13 PM 403624]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/23/2010 2:32 PM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    mSearch Bar = hxxp://srch-us9.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    AddRemove-Move Networks Player - IE - c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-05 16:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Services en ligne"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjenster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjänster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(204)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-12-05 16:44:06
    ComboFix-quarantined-files.txt 2010-12-05 21:43

    Pre-Run: 56,947,576,832 bytes free
    Post-Run: 56,938,049,536 bytes free

    - - End Of File - - FC5D05B0ED6164085D95EE12DEFF7C6F
     
    DugE,
    #7
  9. 2010/12/05
    broni (Moderator, Malware Analyst)
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    0262051291490448mcinstcleanup

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
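The CFScript above deletes one service entry (`Driver::`) and one Security Center value (`Registry::`, where the REGEDIT4 form `"Value"=-` means "delete this value"). As an added example, written for this page and not code from the thread, from broni, or from the ComboFix author, the Python below parses the service lines and the Security Center key in the format they appear in the ComboFix log posted earlier, flags the entries a reviewer would look at (binary missing `[x]`, binary unverifiable `[?]`, image path under a Temp directory, Security Center monitoring switched off for a product), and renders a CFScript in the same layout. The sample log lines are copied from the thread; the triage heuristics and all function names are my own, and which flagged entries to actually remove stays the analyst's call (broni removed only the service launched from Temp and the ZoneLabs monitoring override).

```python
import re

# Constructed sample input: the service lines and the Security Center key copied
# from the ComboFix log posted earlier in this thread, nothing more.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S2 0023231290871039mcinstcleanup;McAfee Application Installer Cleanup (0023231290871039); [x]
S2 0262051291490448mcinstcleanup;McAfee Application Installer Cleanup (0262051291490448);c:\docume~1\Owner\LOCALS~1\Temp\026205~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/4/2010 3:13 PM 339624]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/23/2010 2:32 PM 14336]
"""

# One service line as it appears in the log: "<start> <name>;<display>;<image and args> [<tag>]"
# where <tag> is "timestamp size", "x" (file missing) or "?" (could not be verified).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)
SECCENTER_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\(?P<product>[^\]]+)\]$",
    re.IGNORECASE,
)
DISABLE_RE = re.compile(r'^"DisableMonitoring\s*"\s*=\s*dword:0*1$', re.IGNORECASE)


def parse_services(log_text):
    """Return one dict (start, name, display, image, tag) per service line found."""
    found = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            found.append(m.groupdict())
    return found


def assess_service(svc):
    """Reasons (my heuristics) why this entry deserves a second look; empty list = nothing odd."""
    reasons = []
    tag = svc["tag"].strip()
    image = svc["image"].lower()
    if tag == "x":
        reasons.append("service registered but its binary is missing ([x])")
    elif tag == "?":
        reasons.append("ComboFix could not verify the binary ([?])")
    if re.search(r"\\temp\\", image):
        reasons.append("image path is inside a Temp directory")
    return reasons


def triage(log_text):
    """Map service name -> reasons, for flagged services only."""
    flagged = {}
    for svc in parse_services(log_text):
        reasons = assess_service(svc)
        if reasons:
            flagged[svc["name"]] = reasons
    return flagged


def find_disabled_monitoring(log_text):
    """Security Center products whose monitoring has been switched off (DisableMonitoring=1)."""
    products = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # blank line ends the current key block
        elif line.startswith("["):
            m = SECCENTER_KEY_RE.match(line)
            current = m.group("product") if m else None
        elif current and DISABLE_RE.match(line):
            products.append(current)
    return products


def build_cfscript(drivers_to_remove, monitoring_to_restore):
    """Render a CFScript.txt in the layout used above: a Driver:: block listing service
    names to delete, then a Registry:: block that deletes each DisableMonitoring value."""
    out = []
    if drivers_to_remove:
        out.append("Driver::")
        out.extend(drivers_to_remove)
        out.append("")
    if monitoring_to_restore:
        out.append("Registry::")
        for product in monitoring_to_restore:
            out.append(f"[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\{product}]")
            out.append('"DisableMonitoring"=-')
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("monitoring disabled for:", find_disabled_monitoring(SAMPLE_LOG))
    # The analyst picks what to remove; here, the same two items the thread removed.
    print(build_cfscript(["0262051291490448mcinstcleanup"], find_disabled_monitoring(SAMPLE_LOG)))
```

Run against the sample, the triage flags both McAfee cleanup entries (one orphaned, one launched from the user's Temp directory) and reports ZoneLabsFirewall as the product with Security Center monitoring disabled. A `DisableMonitoring=1` value is a lead rather than proof of anything: it is what the thread clears so Security Center reports the firewall's state again, but it also gets written by some third-party firewall installers, which is why the removal list is passed in explicitly instead of being derived from the flags.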
     
  10. 2010/12/05
    DugE (Well-Known Member, Thread Starter)
    ComboFix 10-12-04.02 - Owner 12/05/2010 17:18:14.2.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.393 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_0262051291490448MCINSTCLEANUP
    -------\Service_0262051291490448mcinstcleanup


    ((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
    .

    2010-12-05 00:15 . 2010-12-05 00:15 -------- d-----w- c:\windows\.jagex_cache_32
    2010-12-04 20:21 . 2010-12-04 20:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2010-12-04 20:13 . 2010-12-05 13:39 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-04 20:13 . 2010-12-05 13:39 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-04 20:13 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-04 20:13 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-04 20:13 . 2010-12-04 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-04 20:13 . 2010-12-04 20:13 -------- d-----w- c:\program files\Avira
    2010-12-03 20:20 . 2010-12-03 20:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-12-03 20:20 . 2010-12-04 19:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-11-30 15:50 . 2010-11-30 15:50 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-11-30 15:35 . 2010-11-30 15:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-11-30 15:35 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 15:35 . 2010-11-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-30 15:35 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 15:34 . 2010-11-30 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-27 15:16 . 2010-11-27 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-11-16 19:12 . 2010-12-04 21:26 -------- d-----w- c:\windows\SxsCaPendDel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-13 15:26 . 2010-10-13 15:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-13 15:26 . 2010-09-24 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-18 16:23 . 2010-09-23 19:31 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2010-09-23 19:31 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2010-09-23 19:31 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2010-09-23 19:31 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2010-09-23 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2010-09-23 19:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2010-09-23 19:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 835654]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 323584]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-05 281768]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/4/2010 3:13 PM 339624]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2010 3:13 PM 135336]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/4/2010 3:13 PM 403624]
    S2 0023231290871039mcinstcleanup;McAfee Application Installer Cleanup (0023231290871039); [x]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/23/2010 2:32 PM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
    mSearch Bar = hxxp://srch-us9.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-05 17:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Services en ligne"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjenster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Servicios en línea"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online tjänster"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online services"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
    @DACL=(02 0000)
    "OnLineServicesDirName"="Online Services"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(720)
    c:\program files\Avira\AntiVir Desktop\avsda.dll

    - - - - - - - > 'explorer.exe'(3484)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Avira\AntiVir Desktop\checkt.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-05 17:36:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-05 22:36
    ComboFix2.txt 2010-12-05 21:44

    Pre-Run: 56,973,774,848 bytes free
    Post-Run: 56,270,098,432 bytes free

    - - End Of File - - 78AB525795DD235945617177C195D4B7
     
    DugE,
    #9
  11. 2010/12/05
    broni (Moderator, Malware Analyst)
    Good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/12/05
    DugE (Well-Known Member, Thread Starter)
    Received this error message while running OTL: Access violation at address 0040295B in module 'OTL.exe'. Read of address 001B5000.

    OTL quit running after this, so I closed it out and posted the error. The computer is getting faster but the CPU is still running a lot. FF is opening faster than before, though.
     
    Last edited: 2010/12/05
  13. 2010/12/05
    broni (Moderator, Malware Analyst)
    Restart computer and try OTL again.
    If still same issue, run it from Safe Mode.
     
  14. 2010/12/05
    DugE (Well-Known Member, Thread Starter)
    OTL logfile created on: 12/5/2010 6:41:46 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 28.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.79 Gb Total Space | 52.28 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
    Drive D: | 6.74 Gb Total Space | 2.42 Gb Free Space | 35.86% Space Free | Partition Type: FAT32

    Computer Name: FAMILYROOM | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- File not found
    SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
    SRV - (aspnet_state) -- File not found
    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    SRV - (0023231290871039mcinstcleanup) McAfee Application Installer Cleanup (0023231290871039) -- File not found
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
    SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)


    ========== Driver Services (SafeList) ==========

    DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\EG1032xp.sys (Linksys, A Division of Cisco Systems, Inc )
    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
    DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
    DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 09:01:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 09:01:23 | 000,000,000 | ---D | M]

    [2010/09/24 07:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/12/05 12:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions
    [2010/11/03 16:00:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/12/05 12:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/13 10:26:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 10:26:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/11/27 12:24:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/12/05 17:27:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/23 07:53:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/05 17:58:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/12/05 17:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/12/05 17:16:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/05 16:34:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/05 15:45:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/12/05 15:40:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/05 15:40:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/05 15:40:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/05 15:40:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/05 15:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/05 15:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
    [2010/12/05 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\NTBR_CD
    [2010/12/05 09:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
    [2010/12/04 19:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
    [2010/12/04 15:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
    [2010/12/04 15:13:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/12/04 15:13:10 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/12/04 15:13:10 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/04 15:13:10 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/12/04 15:13:10 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/12/04 15:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/12/04 15:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/12/04 14:44:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/12/03 15:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    [2010/12/03 15:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2010/11/30 10:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2010/11/30 10:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/11/30 10:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/30 10:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/11/30 10:35:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/30 10:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/30 10:35:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/30 10:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/27 10:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2010/11/16 14:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

    ========== Files - Modified Within 30 Days ==========

    [2010/12/05 18:36:00 | 000,001,397 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/12/05 18:35:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/05 18:35:38 | 527,482,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/05 17:58:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/12/05 17:27:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/05 16:24:54 | 000,000,015 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2010/12/05 15:35:23 | 003,984,562 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/12/05 14:07:26 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTBR_CD.exe
    [2010/12/05 10:30:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/12/05 09:54:54 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/12/05 09:49:49 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/12/05 08:39:44 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/12/05 08:39:44 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/04 15:02:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/30 10:59:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
    [2010/11/30 10:39:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 16:26:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/19 20:31:05 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
    [2010/11/16 14:34:15 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/16 14:32:44 | 000,343,352 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/16 14:32:44 | 000,053,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/12/05 18:36:03 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
    [2010/12/05 17:27:25 | 527,482,880 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/05 15:40:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/05 15:40:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/05 15:40:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/05 15:40:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/05 15:40:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/05 15:34:43 | 003,984,562 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/12/05 14:07:09 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTBR_CD.exe
    [2010/12/05 10:29:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/12/04 19:17:12 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
    [2010/12/04 19:15:30 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
    [2010/11/30 10:59:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
    [2010/11/30 10:39:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 16:02:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/08/28 22:35:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/08/28 22:19:10 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
    [2003/08/23 22:36:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2003/08/23 22:33:23 | 000,026,395 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2003/08/23 22:32:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
    [2003/08/23 22:32:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2003/08/23 09:25:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/08/23 09:25:15 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/08/23 09:12:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2003/08/23 08:54:38 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2003/08/23 08:19:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/08/23 08:11:57 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2003/08/23 08:11:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2003/08/23 08:11:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2003/08/23 07:57:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/08/23 07:42:24 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/08/23 00:46:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/07/24 00:56:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
    [2003/07/24 00:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

    ========== LOP Check ==========

    [2010/09/24 07:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/04 14:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/24 15:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
    [2010/09/24 07:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
    [2003/08/23 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2003/08/23 07:53:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/09/23 15:32:38 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2010/09/23 15:49:30 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2002/08/29 05:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2010/12/05 17:36:47 | 000,012,613 | ---- | M] () -- C:\ComboFix.txt
    [2003/08/23 07:53:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/05 18:35:38 | 527,482,880 | -HS- | M] () -- C:\hiberfil.sys
    [2003/08/23 07:53:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/08/23 07:53:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/09/23 15:44:57 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/09/23 16:20:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/05 18:35:30 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/08/23 07:52:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/08/23 00:45:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/08/23 00:45:19 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/08/23 00:45:19 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/23 16:24:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2003/08/23 08:08:30 | 000,012,159 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
    [2003/08/23 08:08:30 | 000,011,847 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/23 16:31:19 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/05 15:35:23 | 003,984,562 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2010/12/05 10:30:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/12/05 14:07:26 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTBR_CD.exe
    [2010/12/05 17:58:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/23 16:31:19 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/05 18:46:15 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 18:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

    =============================================

    Startup and shutdown are taking forever. CPU running constantly still. Playing Hearts and FreeCell while waiting for your reply; I have to use ZA's 'stop all internet activity' to play the games.
     
  15. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    CPU seems to be resting at the moment... oops, spoke too soon. Well, it's not running as much as it was anyway, so that's a big improvement.
     
  16. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Better news :)

    I still need Extras.txt log.
     
  17. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    It didn't give me one.

    Edit: rechecked and didn't find it anywhere. Want me to run it again?
     
    Last edited: 2010/12/05
  18. 2010/12/05
    broni

    broni Moderator Malware Analyst

    No. That's fine.

    Your computer could use another 512MB of RAM for better performance.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - (0023231290871039mcinstcleanup) McAfee Application Installer Cleanup (0023231290871039) -- File not found
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
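The fix script above was built by picking the orphaned entries out of the OTL log: a service whose binary is gone, toolbar GUIDs with no CLSID behind them, DPF entries whose registry key is unreadable, and an alternate data stream. The following Python helper is an added example, not part of this thread or of OTL, that applies that same triage to OTL log lines and renders the candidate :OTL section; it assumes the log layout shown in this thread, the sample lines are copied from the log above plus a few benign ones, and the ignore set mirrors the helper's choice to leave the stock Windows leftovers (HidServ, RoxLiveShare9) alone.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code).

It flags the kinds of entries that ended up in the fix script in this thread
and prints them as a candidate :OTL section for a human to review.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass
class Finding:
    kind: str    # category of orphaned entry
    line: str    # the OTL log line, verbatim (an OTL fix accepts it unchanged)
    reason: str  # why it was flagged, for the reviewer


# Line shapes taken from the OTL log posted in this thread. The layout is an
# assumption about OTL's output format; adjust if a different build differs.
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\)")
O3_RE = re.compile(r"^O3 - HKCU\\\.\.\\Toolbar\\(ShellBrowser|WebBrowser): ")
O16_RE = re.compile(r"^O16 - DPF: ")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def triage(lines: Iterable[str], ignore_services: Optional[Set[str]] = None) -> List[Finding]:
    """Return the orphaned or unusual entries of an OTL log, in log order.

    ignore_services: service names the reviewer has already decided to leave
    alone (stale but harmless leftovers); they are skipped rather than flagged.
    """
    ignore = ignore_services or set()
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = SRV_RE.match(line)
        if m and line.endswith("File not found"):
            if m.group("name") not in ignore:
                out.append(Finding("orphaned-service", line,
                                   "service still registered but its binary is missing"))
            continue
        if O3_RE.match(line) and "No CLSID value found" in line:
            out.append(Finding("orphaned-toolbar", line,
                               "toolbar GUID registered with no matching CLSID"))
            continue
        if O16_RE.match(line) and "Reg Error" in line:
            out.append(Finding("broken-dpf", line,
                               "DPF/ActiveX entry whose registry key is unreadable"))
            continue
        m = ADS_RE.match(line)
        if m:
            out.append(Finding("ads", line,
                               f"{m.group('size')}-byte alternate data stream on {m.group('target')}"))
    return out


def build_fix_section(findings: List[Finding]) -> str:
    """Render the :OTL section of a fix script; OTL takes the log lines verbatim."""
    return ":OTL\n" + "".join(f.line + "\n" for f in findings)


# Sample input: lines copied from the OTL log in this thread plus benign ones,
# assembled here (constructed sample) so the script runs stand-alone.
SAMPLE_LOG = r"""
SRV - (RoxLiveShare9) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (0023231290871039mcinstcleanup) McAfee Application Installer Cleanup (0023231290871039) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
""".splitlines()


def main() -> None:
    # Reviewer's choice, mirroring the thread: leave the stale stock entries alone.
    reviewed = triage(SAMPLE_LOG, ignore_services={"RoxLiveShare9", "HidServ"})
    for f in reviewed:
        print(f"[{f.kind}] {f.reason}")
    print(build_fix_section(reviewed))


if __name__ == "__main__":
    main()
```

The output is a candidate list for a human to review, not a script to run blindly; healthy entries such as the Avira service and Run keys are left untouched.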
     
  19. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    Error: No service named 0023231290871039mcinstcleanup) McAfee Application Installer Cleanup (0023231290871039 was found to stop!
    Service\Driver key 0023231290871039mcinstcleanup) McAfee Application Installer Cleanup (0023231290871039 not found.
    File File not found not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 198095 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 56240983 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 186549 bytes

    Total Files Cleaned = 54.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12052010_195314

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF5071.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT0779d.TMP not found!

    Registry entries deleted on Reboot...

    =======================================================

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Premium
    ZoneAlarm
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    ===================================================

    Comp is maxed at 512 MB RAM. Bummer.

    How do I disable Avira to do the online scan? I tried before but it didn't work.
     
  20. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  21. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    ESET online scanner would not let me download updates. Something about the proxy configurations. I looked under the advanced settings and checked the standard proxy thingy but still couldn't download updates.

    Computer is doing much better now. Shutdown is back to normal but startup is still longer. Could be due to Avira.
     
