Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Badly infected computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Badly infected computer

Unread postby rmstorey » March 4th, 2011, 10:40 am

I'm helping my fiancee, whose desire to visit illicit websites outweighed his knowledge that they might contain viruses. He clicked a link, and suddenly his computer started popping up virus messages left and right. I've done what I know to do so far, but it hasn't helped at all, so I need more expert guidance.

I am unable to run anything in regular mode. Any program I click on will not open, and a message pops up saying that it is infected with a trojan or worm. I don't remember most of them, but one of them was W32/Blaster worm. So I was unable to install and / or run Malwarebytes in normal mode. I copied MBAM to his computer while in Safe Mode, but it wouldn't install; then I tried installing it to my USB memory stick and running from there, but it didn't find anything on his computer when running in Safe Mode. When I tried it in regular mode, it wouldn't run, even from my memory stick, saying that it was infected.

If it matters, the virus messages are coming from Microsoft Safety Center, which is installed but not activated.

So that's where I am now. I can't seem to do anything in normal mode, and from Safe Mode the viruses seem to magically disappear.

DDS logs were taken while in Safe Mode. I can try to scan in normal mode if necessary, but I don't know if it will work.

============================================

DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Drake at 9:21:41.60 on Fri 03/04/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2757 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090228-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Drake\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Spyware Protection] c:\documents and settings\drake\application data\defender.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 0543631750
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://usaccess1.spt.unisys.com/dana-c ... Client.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = :\windows\syste

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\drake\applic~1\mozilla\firefox\profiles\ly9389v6.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - prefs.js: keyword.URL - hxxp://kickass.wyzostart.com/s/?src=FF- ... 0-1HasU&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-6 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-6 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-6 155160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-6 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-6 352920]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-9-7 11520]

=============== Created Last 30 ================

2011-03-02 23:45:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 23:45:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-02 23:45:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 23:45:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 23:40:13 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2011-03-02 23:38:56 2811584 ----a-w- C:\ccsetup300.exe
2011-03-02 23:38:52 7734240 ----a-w- C:\mbam-setup.exe
2011-03-02 23:38:46 133432520 ----a-w- C:\Ad-AwareInstall.exe
2011-03-02 21:21:40 996352 ----a-w- c:\docume~1\drake\applic~1\defender.exe
2011-03-01 06:50:31 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{fb04b653-1d63-4a3b-98f6-274ad5a6ad99}\mpengine.dll

==================== Find3M ====================

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-05 02:22:29 8729286 -c--a-w- c:\program files\CanoScan_N650U_N656U_CSUv571a.exe

============= FINISH: 9:22:42.46 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/4/2008 11:12:39 AM
System Uptime: 3/4/2011 9:20:11 AM (0 hours ago)

Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 8.837 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP955: 12/3/2010 1:54:53 AM - Software Distribution Service 3.0
RP956: 12/3/2010 3:00:16 AM - Software Distribution Service 3.0
RP957: 12/4/2010 3:00:36 AM - Software Distribution Service 3.0
RP958: 12/5/2010 3:00:15 AM - Software Distribution Service 3.0
RP959: 12/6/2010 3:00:15 AM - Software Distribution Service 3.0
RP960: 12/7/2010 2:07:41 AM - Software Distribution Service 3.0
RP961: 12/7/2010 3:00:15 AM - Software Distribution Service 3.0
RP962: 12/8/2010 3:00:15 AM - Software Distribution Service 3.0
RP963: 12/9/2010 3:00:15 AM - Software Distribution Service 3.0
RP964: 12/10/2010 2:07:30 AM - Software Distribution Service 3.0
RP965: 12/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP966: 12/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP967: 12/12/2010 3:00:15 AM - Software Distribution Service 3.0
RP968: 12/13/2010 3:00:15 AM - Software Distribution Service 3.0
RP969: 12/14/2010 2:07:32 AM - Software Distribution Service 3.0
RP970: 12/14/2010 3:00:15 AM - Software Distribution Service 3.0
RP971: 12/15/2010 3:00:16 AM - Software Distribution Service 3.0
RP972: 12/16/2010 3:24:58 AM - System Checkpoint
RP973: 12/17/2010 1:35:28 AM - Software Distribution Service 3.0
RP974: 12/18/2010 1:38:56 AM - System Checkpoint
RP975: 12/19/2010 2:47:00 AM - System Checkpoint
RP976: 12/19/2010 3:00:15 AM - Software Distribution Service 3.0
RP977: 12/20/2010 3:00:16 AM - Software Distribution Service 3.0
RP978: 12/21/2010 1:35:37 AM - Software Distribution Service 3.0
RP979: 12/21/2010 3:00:15 AM - Software Distribution Service 3.0
RP980: 12/22/2010 3:00:16 AM - Software Distribution Service 3.0
RP981: 12/22/2010 9:34:37 AM - Software Distribution Service 3.0
RP982: 12/22/2010 11:16:43 AM - Software Distribution Service 3.0
RP983: 12/29/2010 9:12:35 AM - Software Distribution Service 3.0
RP984: 12/30/2010 1:42:38 AM - Software Distribution Service 3.0
RP985: 12/30/2010 3:00:15 AM - Software Distribution Service 3.0
RP986: 12/31/2010 1:04:15 AM - Software Distribution Service 3.0
RP987: 12/31/2010 3:00:15 AM - Software Distribution Service 3.0
RP988: 1/1/2011 3:00:15 AM - Software Distribution Service 3.0
RP989: 1/2/2011 3:00:15 AM - Software Distribution Service 3.0
RP990: 1/3/2011 3:00:16 AM - Software Distribution Service 3.0
RP991: 1/4/2011 2:10:33 AM - Software Distribution Service 3.0
RP992: 1/4/2011 3:00:15 AM - Software Distribution Service 3.0
RP993: 1/5/2011 3:00:16 AM - Software Distribution Service 3.0
RP994: 1/6/2011 3:00:15 AM - Software Distribution Service 3.0
RP995: 1/7/2011 2:10:30 AM - Software Distribution Service 3.0
RP996: 1/7/2011 3:00:15 AM - Software Distribution Service 3.0
RP997: 1/8/2011 3:00:15 AM - Software Distribution Service 3.0
RP998: 1/9/2011 3:00:16 AM - Software Distribution Service 3.0
RP999: 1/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP1000: 1/11/2011 2:10:32 AM - Software Distribution Service 3.0
RP1001: 1/11/2011 3:00:15 AM - Software Distribution Service 3.0
RP1002: 1/12/2011 3:00:15 AM - Software Distribution Service 3.0
RP1003: 1/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP1004: 1/14/2011 1:53:35 AM - Software Distribution Service 3.0
RP1005: 1/14/2011 3:00:15 AM - Software Distribution Service 3.0
RP1006: 1/15/2011 3:00:15 AM - Software Distribution Service 3.0
RP1007: 1/16/2011 3:00:16 AM - Software Distribution Service 3.0
RP1008: 1/17/2011 3:00:16 AM - Software Distribution Service 3.0
RP1009: 1/18/2011 1:53:46 AM - Software Distribution Service 3.0
RP1010: 1/18/2011 3:00:15 AM - Software Distribution Service 3.0
RP1011: 1/19/2011 3:00:15 AM - Software Distribution Service 3.0
RP1012: 1/20/2011 3:00:15 AM - Software Distribution Service 3.0
RP1013: 1/21/2011 1:53:35 AM - Software Distribution Service 3.0
RP1014: 1/21/2011 3:00:15 AM - Software Distribution Service 3.0
RP1015: 1/22/2011 3:00:15 AM - Software Distribution Service 3.0
RP1016: 1/23/2011 3:00:15 AM - Software Distribution Service 3.0
RP1017: 1/24/2011 3:00:16 AM - Software Distribution Service 3.0
RP1018: 1/25/2011 1:54:07 AM - Software Distribution Service 3.0
RP1019: 1/25/2011 3:00:15 AM - Software Distribution Service 3.0
RP1020: 1/26/2011 3:00:15 AM - Software Distribution Service 3.0
RP1021: 1/27/2011 3:00:16 AM - Software Distribution Service 3.0
RP1022: 1/28/2011 1:53:37 AM - Software Distribution Service 3.0
RP1023: 1/28/2011 3:00:16 AM - Software Distribution Service 3.0
RP1024: 1/29/2011 3:00:15 AM - Software Distribution Service 3.0
RP1025: 1/30/2011 3:00:15 AM - Software Distribution Service 3.0
RP1026: 1/31/2011 3:00:17 AM - Software Distribution Service 3.0
RP1027: 2/1/2011 2:15:37 AM - Software Distribution Service 3.0
RP1028: 2/1/2011 3:00:15 AM - Software Distribution Service 3.0
RP1029: 2/2/2011 3:00:15 AM - Software Distribution Service 3.0
RP1030: 2/3/2011 3:00:18 AM - Software Distribution Service 3.0
RP1031: 2/4/2011 2:15:35 AM - Software Distribution Service 3.0
RP1032: 2/4/2011 3:00:16 AM - Software Distribution Service 3.0
RP1033: 2/5/2011 3:00:15 AM - Software Distribution Service 3.0
RP1034: 2/6/2011 3:00:16 AM - Software Distribution Service 3.0
RP1035: 2/7/2011 3:00:16 AM - Software Distribution Service 3.0
RP1036: 2/8/2011 2:15:38 AM - Software Distribution Service 3.0
RP1037: 2/8/2011 3:00:15 AM - Software Distribution Service 3.0
RP1038: 2/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP1039: 2/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP1040: 2/11/2011 1:34:38 AM - Software Distribution Service 3.0
RP1041: 2/12/2011 3:00:16 AM - Software Distribution Service 3.0
RP1042: 2/13/2011 3:00:17 AM - Software Distribution Service 3.0
RP1043: 2/14/2011 3:00:16 AM - Software Distribution Service 3.0
RP1044: 2/15/2011 2:27:33 AM - Software Distribution Service 3.0
RP1045: 2/15/2011 3:00:15 AM - Software Distribution Service 3.0
RP1046: 2/16/2011 3:00:16 AM - Software Distribution Service 3.0
RP1047: 2/17/2011 3:00:16 AM - Software Distribution Service 3.0
RP1048: 2/18/2011 2:27:36 AM - Software Distribution Service 3.0
RP1049: 2/18/2011 3:00:16 AM - Software Distribution Service 3.0
RP1050: 2/19/2011 3:00:16 AM - Software Distribution Service 3.0
RP1051: 2/20/2011 3:00:16 AM - Software Distribution Service 3.0
RP1052: 2/20/2011 9:02:50 PM - Installed DirectX
RP1053: 2/21/2011 3:00:16 AM - Software Distribution Service 3.0
RP1054: 2/22/2011 2:21:30 AM - Software Distribution Service 3.0
RP1055: 2/22/2011 3:00:15 AM - Software Distribution Service 3.0
RP1056: 2/23/2011 3:00:15 AM - Software Distribution Service 3.0
RP1057: 2/24/2011 3:00:16 AM - Software Distribution Service 3.0
RP1058: 2/25/2011 1:50:40 AM - Software Distribution Service 3.0
RP1059: 2/25/2011 3:00:14 AM - Software Distribution Service 3.0
RP1060: 2/26/2011 3:00:14 AM - Software Distribution Service 3.0
RP1061: 2/27/2011 3:00:15 AM - Software Distribution Service 3.0
RP1062: 2/28/2011 3:00:16 AM - Software Distribution Service 3.0
RP1063: 3/1/2011 1:50:28 AM - Software Distribution Service 3.0
RP1064: 3/1/2011 3:00:15 AM - Software Distribution Service 3.0
RP1065: 3/2/2011 3:00:16 AM - Software Distribution Service 3.0
RP1066: 3/2/2011 9:46:12 AM - Software Distribution Service 3.0
RP1067: 3/2/2011 8:35:17 PM - Software Distribution Service 3.0

==== Installed Programs ======================

3D??????
Ad-Aware
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 2000
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Caere Scan Manager 5.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CorelDRAW Graphics Suite 12
Critical Update for Windows Media Player 11 (KB959772)
FileZilla Client 3.1.2
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
iTunes
Juniper Networks Host Checker
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OmniPage Pro 9.0
PDF Settings
Plants vs. Zombies
QuickTime
ScanWizard 5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
Sound Blaster ADVANCED MB Drivers
Steam
The Sims™ 3
Torchlight
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
World of Warcraft FREE Trial
XML Paper Specification Shared Components Pack 1.0
XnView 1.94.2
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

3/3/2011 11:29:59 PM, error: Service Control Manager [7022] - The Google Update Service (gupdate) service hung on starting.
3/2/2011 9:42:25 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 2 time(s).
3/2/2011 9:41:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Defender service to connect.
3/2/2011 9:41:57 AM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:41:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
3/2/2011 9:41:50 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:41:38 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 9:41:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
3/2/2011 9:41:37 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:41:37 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/2/2011 9:41:34 AM, error: Service Control Manager [7034] - The ATI Smart service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 9:41:34 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/2/2011 9:41:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/2/2011 9:41:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
3/2/2011 9:41:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
3/2/2011 9:41:22 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:41:22 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:41:22 AM, error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
3/2/2011 9:41:22 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 9:38:57 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:37:56 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:36:55 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:35:55 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:34:39 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:33:38 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:32:38 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:31:37 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:30:36 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:29:36 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:28:35 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 9:28:07 AM, error: Service Control Manager [7034] - The Windows Defender service terminated unexpectedly. It has done this 3 time(s).
3/2/2011 9:27:51 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/2/2011 9:27:35 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 9:27:35 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 9:27:35 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 9:27:35 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/2/2011 9:27:35 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:34:39 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 105 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:33:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 104 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:32:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 103 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:31:37 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 102 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:30:37 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 101 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:29:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 100 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:28:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 99 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:27:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 98 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:26:34 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 97 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:25:34 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 96 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:24:33 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 95 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:23:33 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 94 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:22:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 93 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:21:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 92 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:20:31 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 91 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:19:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 90 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:18:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 89 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:17:29 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 88 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:16:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 87 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:15:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 86 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:14:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 85 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:13:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 84 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:12:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 83 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:11:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 82 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:10:25 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 81 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:09:25 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 80 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:08:24 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 79 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:07:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 78 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:06:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 77 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:05:22 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 76 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:04:22 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 75 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:03:21 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 74 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:02:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 73 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:01:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 72 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 8:00:19 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 71 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:59:19 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 70 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:58:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 69 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:57:18 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 68 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:56:17 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 67 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:55:16 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 66 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:54:16 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 65 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:53:15 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 64 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:52:15 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 63 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:51:14 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 62 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:50:14 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 61 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:49:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 60 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:48:12 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 59 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:47:12 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 58 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:46:11 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 57 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:45:11 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 56 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:44:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 55 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:43:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:42:09 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:41:08 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:40:08 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:39:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:38:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:37:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:36:05 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:35:05 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:34:04 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:33:04 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:32:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:31:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:30:02 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:29:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:28:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:27:00 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:26:00 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:24:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:23:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:22:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:21:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:20:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:19:56 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:18:56 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:17:55 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:16:55 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:15:54 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:14:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:13:53 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:12:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:11:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:10:51 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:09:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:08:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:07:49 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:06:49 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:05:48 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:04:46 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:03:45 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:02:44 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 7:01:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 6:49:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 6:49:30 PM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 6:40:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/2/2011 6:40:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/2/2011 5:45:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/2/2011 5:43:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/2/2011 5:42:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2011 5:42:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid Tcpip
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 5:42:24 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2011 3:02:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).

==== End Of File ===========================
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am
Advertisement
Register to Remove

Re: Badly infected computer

Unread postby melboy » March 4th, 2011, 6:53 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


========================================


Safe mode

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode with Networking, do so.

If any problems refer to this tutorial.

In safe mode carry out the following:


Rkill

Please download Rkill from one of the five following links and save to your Desktop:

One, Two, WiNlOgOn.exe (Renamed rKill), eXplorer.exe (Renamed rKill), iExplore.exe (Renamed rKill), uSeRiNiT.exe (Renamed rKill).


Then boot to Normal Mode.


Rkill

  • Double click on Rkill.
  • A command window will open then disappear upon completion. This is normal, and your desktop may temporarily disappear. Do not be alarmed.
  • Notepad will open, please post the contents in your next reply. (The log can also be found at C:\Rkill.txt)
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If you recieve a message that rkill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you encounter infections that give a fake warning and close Rkill, a trick is to leave the fake warning on the screen and then run Rkill again. By not closing the fake warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue processes.


If you still find that due to the malware you cannot run the copy of Rkill you have downloaded, please try a copy from any of the other links untill you find one that works.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. MBAM log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby rmstorey » March 4th, 2011, 10:02 pm

It took a couple tries, but I got one of the Rkills to work.

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/4/2011 8:47:29 PM
mbam-log-2011-03-04 (20-47-29).txt

Scan type: Quick scan
Objects scanned: 154292
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spyware Protection (Trojan.FakeAlert) -> Value: Spyware Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Drake\application data\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Drake\local settings\temporary internet files\Content.IE5\9SLN5QQC\b5vfkpyw[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Drake\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully.

========================================================

OTL.txt

OTL logfile created on: 3/4/2011 8:50:14 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Drake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.15 Gb Total Space | 8.70 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: FENWICK | User Name: Drake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 20:38:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drake\Desktop\OTL.exe
PRC - [2010/12/06 12:43:32 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/01/19 13:44:09 | 002,527,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2008/11/26 12:18:51 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/07/24 10:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/21 08:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2001/08/17 21:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 20:38:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drake\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/11/26 12:18:46 | 000,155,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/11/26 12:18:32 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/11/26 12:16:23 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/11/26 12:12:08 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/09/06 14:23:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2009/02/25 17:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/09/06 14:10:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 13:45:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/23 03:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/08/07 10:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/04/10 13:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/08 02:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 02:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 11:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 11:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 11:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 11:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://msn.com/"
FF - prefs.js..keyword.URL: "http://kickass.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-109-0-1HasU&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 19:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 19:16:08 | 000,000,000 | ---D | M]

[2009/11/01 16:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Drake\Application Data\Mozilla\Extensions
[2011/02/24 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\extensions
[2010/08/10 19:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 15:12:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/08/17 19:29:48 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\searchplugins\bing-zugo.xml
[2010/11/12 14:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0543631750 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://usaccess1.spt.unisys.com/dana-c ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Drake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 10:10:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 20:38:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Drake\Desktop\OTL.exe
[2011/03/04 20:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\Application Data\Malwarebytes
[2011/03/04 20:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\Desktop\Rkills
[2011/03/04 20:23:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/03/02 18:45:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/02 18:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/02 18:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/02 18:45:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/02 18:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/02 18:40:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/03/02 18:38:56 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\ccsetup300.exe
[2011/03/02 18:38:52 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/03/02 18:38:46 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Ad-AwareInstall.exe
[2011/03/02 03:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\Desktop\New Folder
[2011/02/24 09:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\Desktop\comic1
[2011/02/11 11:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\My Documents\Downloads
[2011/02/11 10:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Drake\My Documents\Deathray
[2010/10/04 21:22:16 | 008,729,286 | ---- | C] (Zero G) -- C:\Program Files\CanoScan_N650U_N656U_CSUv571a.exe
[2009/04/24 22:17:12 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/04 20:52:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/04 20:51:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/04 20:49:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/04 20:49:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2011/03/04 20:49:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/04 20:40:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/04 20:38:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drake\Desktop\OTL.exe
[2011/03/04 20:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/03/04 09:19:36 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Drake\Desktop\dds.scr
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/03/02 18:30:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/03/02 04:25:25 | 000,757,529 | ---- | M] () -- C:\Documents and Settings\Drake\Desktop\1299031763868.jpg
[2011/02/27 17:46:58 | 004,102,248 | ---- | M] () -- C:\Documents and Settings\Drake\Desktop\1298661216438.gif
[2011/02/27 16:59:08 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Drake\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel PHOTO-PAINT 12 (2).lnk
[2011/02/27 04:52:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/02/25 12:34:45 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Drake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/02/23 18:43:32 | 024,008,523 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\learnin.tif
[2011/02/23 15:02:20 | 000,290,322 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\learnin.jpg
[2011/02/23 14:19:48 | 000,115,154 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\unready.jpg
[2011/02/10 09:45:56 | 000,141,299 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\can't.jpg
[2011/02/10 03:21:38 | 001,483,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:03:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/07 21:29:13 | 000,173,721 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\ancient_future.jpg
[2011/02/04 00:08:51 | 000,176,465 | ---- | M] () -- C:\Documents and Settings\Drake\My Documents\scented.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 09:21:39 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Drake\Desktop\dds.scr
[2011/03/02 04:25:25 | 000,757,529 | ---- | C] () -- C:\Documents and Settings\Drake\Desktop\1299031763868.jpg
[2011/02/27 17:46:57 | 004,102,248 | ---- | C] () -- C:\Documents and Settings\Drake\Desktop\1298661216438.gif
[2011/02/23 15:02:19 | 000,290,322 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\learnin.jpg
[2011/02/23 14:19:46 | 000,115,154 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\unready.jpg
[2011/02/23 14:13:27 | 024,008,523 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\learnin.tif
[2011/02/10 09:45:36 | 000,141,299 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\can't.jpg
[2011/02/07 21:26:40 | 000,173,721 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\ancient_future.jpg
[2011/02/03 23:15:11 | 000,176,465 | ---- | C] () -- C:\Documents and Settings\Drake\My Documents\scented.jpg
[2010/10/04 21:29:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2010/10/04 21:29:00 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/10/04 21:28:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2010/10/04 21:27:05 | 000,000,143 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2010/10/04 21:27:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2010/10/04 21:27:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2010/04/15 21:25:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/26 15:44:57 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/11/01 16:55:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/24 22:17:12 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2008/09/22 02:17:13 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Drake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 02:16:08 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/22 02:16:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/07 15:27:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008/09/07 14:44:16 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008/09/07 14:44:13 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008/09/07 14:44:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008/09/06 14:30:40 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/09/06 14:19:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/04 12:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/09/04 12:25:18 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/04 11:51:12 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2008/09/04 10:12:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/04 10:08:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/04 06:04:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/04 06:03:39 | 001,483,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/31 22:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/31 22:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/31 22:59:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/23 08:47:40 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,496,204 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,091,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2010/05/28 17:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/08/17 22:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/06/24 23:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/15 01:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/10/12 00:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/02 18:40:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2011/03/02 18:40:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/02/27 16:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\Canon
[2008/09/06 14:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\DAEMON Tools
[2011/02/16 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\FileZilla
[2009/08/17 22:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\Juniper Networks
[2009/12/07 23:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\runic games
[2008/09/06 15:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\Windows Desktop Search
[2008/09/06 20:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\Windows Search
[2010/11/21 01:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Drake\Application Data\XnView
[2011/03/04 20:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/03/02 18:48:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/27 04:52:00 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2011/03/04 20:52:18 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/03/04 20:49:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job

========== Purity Check ==========



< End of report >

=====================================================

Extras.txt

OTL Extras logfile created on: 3/4/2011 8:50:14 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Drake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.15 Gb Total Space | 8.70 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: FENWICK | User Name: Drake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\World of Warcraft\Launcher.patch.exe" = C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies: Game of the Year -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{311EBF70-9282-41D1-BAB0-AD22220301B9}" = 3Dカスタム少女
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"FileZilla Client" = FileZilla Client 3.1.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Steam App 3590" = Plants vs. Zombies
"Steam App 41500" = Torchlight
"VLC media player" = VLC media player 0.9.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.94.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/9/2009 12:20:52 PM | Computer Name = FENWICK | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DRAKE\MY DOCUMENTS\PEOPLES\CC.JPG failed, 00000005.

Error - 11/9/2009 12:20:52 PM | Computer Name = FENWICK | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DRAKE\MY DOCUMENTS\PEOPLES\DSCF0008.JPG failed, 00000005.


[ Application Events ]
Error - 2/28/2011 4:01:26 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/1/2011 4:01:17 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.

Error - 3/1/2011 4:01:19 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/2/2011 3:38:52 AM | Computer Name = FENWICK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/2/2011 4:01:10 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.

Error - 3/2/2011 4:01:12 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/2/2011 10:47:30 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.

Error - 3/2/2011 10:47:31 AM | Computer Name = FENWICK | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 3/2/2011 9:36:01 PM | Computer Name = FENWICK | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.

Error - 3/2/2011 9:36:03 PM | Computer Name = FENWICK | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 3/4/2011 9:28:53 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/4/2011 9:28:53 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 3/4/2011 9:28:54 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/4/2011 9:28:54 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/4/2011 9:28:55 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/4/2011 9:49:34 PM | Computer Name = FENWICK | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/4/2011 9:50:17 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 3/4/2011 9:50:41 PM | Computer Name = FENWICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 3/4/2011 9:50:51 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 3/4/2011 9:50:52 PM | Computer Name = FENWICK | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053


< End of report >
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am

Re: Badly infected computer

Unread postby melboy » March 5th, 2011, 7:21 am

Hi

Good. How are things running?



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 9.1
  • Install the new downloaded updated software.
  • Then using the internal updater ensure the software is updated to the current increment 10.0.1
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



Ad-Aware

Please be informed that the latest versions of Ad-Aware now have Anti-virus protection included. It is not recommended to have more than one anti-virus installed on a system, and that doing so not only does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and can cause crashes!

You can turn off the anti-virus engine as follows:
  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    FF - prefs.js..keyword.URL: "http://kickass.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-109-0-1HasU&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    [2010/08/17 19:29:48 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\searchplugins\bing-zugo.xml
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKCU..\Run: [EA Core] File not found
    
    :files
    C:\WINDOWS\tasks\PCConfidential.job
    C:\WINDOWS\Tasks\PCConfidential.job
    C:\Documents and Settings\All Users\Application Data\Winferno
    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.


In your next reply:
  1. OTL log
  2. ESET log
  3. How are things running?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby rmstorey » March 5th, 2011, 7:11 pm

Things seem okay. The computer takes a while to get running after startup... for example, if I click to open a window immediately upon startup, it takes about 3 to 5 minutes for it to open. But after that it has normal response times. And I'm not sure if that's something new, or if it has always done that.

I made the requested update to Ad-Aware.

OTL Log:

All processes killed
========== OTL ==========
Prefs.js: "http://kickass.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-109-0-1HasU&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
C:\Documents and Settings\Drake\Application Data\Mozilla\Firefox\Profiles\ly9389v6.default\searchplugins\bing-zugo.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\PCConfidential.job moved successfully.
File\Folder C:\WINDOWS\Tasks\PCConfidential.job not found.
C:\Documents and Settings\All Users\Application Data\Winferno\RegPowerClean folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winferno folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters\Driver Detective folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 729521716 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Drake
->Temp folder emptied: 833031065 bytes
->Temporary Internet Files folder emptied: 223765292 bytes
->FireFox cache emptied: 153092254 bytes
->Flash cache emptied: 2402653 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 7573818 bytes

User: NetworkService
->Temp folder emptied: 1172654 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2214750 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39911045 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 116727920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 99274 bytes

Total Files Cleaned = 2,012.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03052011_160719

Files\Folders moved on Reboot...
C:\Documents and Settings\Drake\Local Settings\Temp\Perflib_Perfdata_f54.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_680.dat not found!

Registry entries deleted on Reboot...

============================================================================

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=0106f1c4a1e44f4b90a4b00f2e104fd5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-05 10:45:13
# local_time=2011-03-05 05:45:13 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 77689668 77689668 0 0
# compatibility_mode=5891 16776574 0 5 8853829 8853829 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83428
# found=0
# cleaned=0
# scan_time=2871
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am

Re: Badly infected computer

Unread postby melboy » March 6th, 2011, 5:11 am

Hi

Good - We're nearly there.


Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.




In your next reply:
  1. DDS.txt
  2. MBAM log
  3. GMER log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby rmstorey » March 6th, 2011, 5:01 pm

DDS.txt:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Drake at 15:58:30.26 on Sun 03/06/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1973 [GMT -5:00]

AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Drake\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 0543631750
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://usaccess1.spt.unisys.com/dana-c ... Client.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = :\windows\syste

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\drake\applic~1\mozilla\firefox\profiles\ly9389v6.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-5 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-4 1405384]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-9-7 11520]

=============== Created Last 30 ================

2011-03-05 23:46:46 -------- d-----w- c:\docume~1\drake\applic~1\AVG10
2011-03-05 23:18:00 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-05 23:16:50 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-05 23:16:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-05 23:16:26 -------- d-----w- c:\program files\AVG
2011-03-05 23:13:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-05 21:51:19 -------- d-----w- c:\program files\ESET
2011-03-05 21:37:13 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-05 21:37:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-05 21:36:26 -------- d-----w- c:\docume~1\drake\locals~1\applic~1\Sunbelt Software
2011-03-05 21:19:53 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}
2011-03-05 21:19:35 -------- d-----w- c:\program files\Lavasoft
2011-03-05 21:07:19 -------- d-----w- C:\_OTL
2011-03-05 01:31:09 -------- d-----w- c:\docume~1\drake\applic~1\Malwarebytes
2011-03-02 23:45:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 23:45:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-02 23:45:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 23:45:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 23:40:13 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2011-03-02 23:38:56 2811584 ----a-w- C:\ccsetup300.exe
2011-03-02 23:38:52 7734240 ----a-w- C:\mbam-setup.exe
2011-03-02 23:38:46 133432520 ----a-w- C:\Ad-AwareInstall.exe

==================== Find3M ====================

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-05 02:22:29 8729286 -c--a-w- c:\program files\CanoScan_N650U_N656U_CSUv571a.exe

============= FINISH: 15:59:11.56 ===============

MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5975

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/6/2011 3:36:35 PM
mbam-log-2011-03-06 (15-36-35).txt

Scan type: Quick scan
Objects scanned: 154225
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

======================================================

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 15:30:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD80 rev.10.0
Running: dezqcry0.exe; Driver: C:\DOCUME~1\Drake\LOCALS~1\Temp\pwldypob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA10887E]
SSDT spzz.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spzz.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spzz.sys ZwOpenKey [0xB9EA80C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B9FB6C0]
SSDT spzz.sys ZwQueryKey [0xB9EC7108]
SSDT spzz.sys ZwQueryValueKey [0xB9EC6F88]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA108BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B9FB770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B9FB810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B9FB8B0]

INT 0x73 ? 8AE09BF8
INT 0x74 ? 8AE08BF8
INT 0x83 ? 8AD9BF00
INT 0x83 ? 8AE08BF8
INT 0x83 ? 8AD9BF00
INT 0x84 ? 8AE08BF8
INT 0xA4 ? 8AE08BF8
INT 0xB4 ? 8AE08BF8
INT 0xB4 ? 8AE08BF8

---- Kernel code sections - GMER 1.0.15 ----

? spzz.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9126000, 0x1C5D58, 0xE8000020]
.text USBPORT.SYS!DllUnload B90C78AC 5 Bytes JMP 8AE081D8
.text an2pul2g.SYS B8F65386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text an2pul2g.SYS B8F653AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text an2pul2g.SYS B8F653C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text an2pul2g.SYS B8F653C9 1 Byte [2E]
.text an2pul2g.SYS B8F653C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[588] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5296] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE071F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8A2EF500
Device \Driver\usbuhci \Device\USBPDO-1 8A2EF500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AD991F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AD991F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AD991F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AD991F8
Device \Driver\PCI_PNP7702 \Device\00000045 spzz.sys
Device \Driver\sptd \Device\2679601452 spzz.sys
Device \Driver\usbehci \Device\USBPDO-2 8A3141F8
Device \Driver\usbuhci \Device\USBPDO-3 8A2EF500
Device \Driver\usbehci \Device\USBPDO-4 8A3141F8

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8A2EF500
Device \Driver\usbuhci \Device\USBPDO-6 8A2EF500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AE0A1F8
Device \Driver\Cdrom \Device\CdRom0 8A2F9500
Device \Driver\iastor \Device\Ide\iaStor0 [B9D8AD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D8AD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 [B9D8AD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A2F9500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AE0A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896F01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B626AF6F-83BE-4E3F-AF58-3F7B6F532150} 896F01F8
Device \Driver\NetBT \Device\NetbiosSmb 896F01F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A2EF500
Device \Driver\usbuhci \Device\USBFDO-1 8A2EF500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896E91F8
Device \Driver\usbehci \Device\USBFDO-2 8A3141F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896E91F8
Device \Driver\usbuhci \Device\USBFDO-3 8A2EF500
Device \Driver\usbuhci \Device\USBFDO-4 8A2EF500
Device \Driver\Ftdisk \Device\FtControl 8AE0A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C66C36F-0DB3-47A9-B277-A459F1135FB5} 896F01F8
Device \Driver\usbuhci \Device\USBFDO-5 8A2EF500
Device \Driver\usbehci \Device\USBFDO-6 8A3141F8
Device \Driver\an2pul2g \Device\Scsi\an2pul2g1 8A3131F8
Device \Driver\an2pul2g \Device\Scsi\an2pul2g1Port2Path0Target0Lun0 8A3131F8
Device \Driver\aic78xx \Device\Scsi\aic78xx1 8AD981F8
Device \FileSystem\Fastfat \Fat 891A01F8
Device \FileSystem\Fastfat \Fat 9B3E1297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs 8A10B500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD3 0x24 0x21 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2A 0x2F 0x41 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xCD 0x41 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD3 0x24 0x21 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2A 0x2F 0x41 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xCD 0x41 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD3 0x24 0x21 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2A 0x2F 0x41 0x55 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xCD 0x41 0xEE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD3 0x24 0x21 0xCB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2A 0x2F 0x41 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCB 0xCD 0x41 0xEE ...

---- EOF - GMER 1.0.15 ----
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am

Re: Badly infected computer

Unread postby melboy » March 6th, 2011, 5:30 pm

Hi

That looks good - How are things running?


Backup the Registry:

Modifying the Registry can create unforseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.(System registry & Current user registry)
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :files
    C:\WINDOWS\Tasks\Driver Robot.job
    ipconfig /flushdns /c
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby rmstorey » March 6th, 2011, 5:57 pm

Still a little slow at startup, but otherwise I haven't seen any problems. I uninstalled a couple old virus scanners that hadn't been kept up-to-date (avast! and Windows Defender... actually, Defender had never been activated) and installed AVG.

OTL Log:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Drake\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Drake\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Drake
->Temp folder emptied: 697475305 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 76914675 bytes
->Flash cache emptied: 2687 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 945 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 739.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.2 log created on 03062011_164550

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am

Re: Badly infected computer

Unread postby melboy » March 6th, 2011, 6:38 pm

Hi

The slowness is unlikely to be malware related as the logs look clean. After completing my instructions, try the tutorial below.

http://www.malwareremoval.com/tutorials ... slowly.php


Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


==========================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Clear Infected System Restore Points

  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    -
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore on all drives.
  • Click Apply
  • Click each drive in turn where system restore is not required and click Settings
    Note: System restore is only needed on drives with an operating system installed
  • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as you Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.
    Internet Explorer 8 <<< Recommended Version
    For older versions please read and follow the recommendations at this site
    Internet Explorer7


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby rmstorey » March 6th, 2011, 6:56 pm

Thank you SO MUCH Melboy. You saved my fiancee's computer, and I can't even begin to say how much I appreciate you giving of your own time and knowledge to help others. This forum is a godsend.

-Rachael
rmstorey
Active Member
 
Posts: 6
Joined: March 4th, 2011, 10:29 am

Re: Badly infected computer

Unread postby melboy » March 6th, 2011, 7:05 pm

You're most welcome, Rachael :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Badly infected computer

Unread postby Wingman » March 6th, 2011, 7:23 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 328 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware