Laptop Constantly Freezes...?

Dell Inspiron 1545 laptop (black)
February 28, 2010 at 10:16:34
Specs: Windows XP, Dell Inspiron 1545 3gb
Hello Everyone,

For some reason my Dell Inspiron 1545 laptop has been constantly freezing on me minutes after I turn it on. I ran the following scans in safe mode: SUPERAntiSpyware and Spybot, which removed a bunch of tracking cookies. Malwarebytes removed six Bopper Trojans. However, the problem still persists. I then attempted to run a virus scan using AVG in normal mode, as well as a Malwarebytes scan again, but the laptop freezes up about 10 minutes into it. I also tried doing a restore point; although it restored to a previous date successfully, it still has the same problem. I'm at the end of my wits; can anyone offer any assistance?




#1
February 28, 2010 at 16:56:42
Anyone? I noticed the laptop does not freeze in safe mode, only in normal mode. Any help would be greatly appreciated.


#2
February 28, 2010 at 17:02:33
Probably infected. You may need to boot into safe mode with networking to download this.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has one.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double-click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#3
March 1, 2010 at 02:32:12
jabuck,

Thank you for your response. The following are the two logs:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Administrator at 5:18:16.09 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3034.2648 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [NeroHomeFirstStart] c:\program files\common files\ahead\lib\NMFirstStart.exe
uRunOnce: [SpybotDeletingB7660] command.com /c del "c:\windows\avujehul.dll_old"
uRunOnce: [SpybotDeletingD5133] cmd.exe /c del "c:\windows\avujehul.dll_old"
uRunOnce: [SpybotDeletingB5992] command.com /c del "c:\windows\system32\winlogon32.exe"
uRunOnce: [SpybotDeletingD3627] cmd.exe /c del "c:\windows\system32\winlogon32.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\affini~1.lnk - c:\program files\affinity\affinity vpn client\vpngui.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252927240345
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-14 108552]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-9-14 160256]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-14 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-14 27784]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/16 12:23:06];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-14 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-14 297752]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-14 108160]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-9-14 189792]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-03-01 10:08:17 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-02-28 17:24:25 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-27 04:14:52 0 d-----w- c:\program files\Wide Angle Software(2)
2010-02-24 00:51:48 0 d-----w- c:\program files\MSN Messenger
2010-02-15 03:37:06 0 d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-02-15 03:35:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel
2010-02-15 03:32:42 0 d-----w- c:\program files\common files\Protexis
2010-02-15 03:28:37 0 d-----w- c:\program files\common files\Corel
2010-02-15 03:27:05 0 d-----w- c:\program files\common files\Ulead Systems
2010-02-15 03:26:46 0 d-----w- c:\program files\Corel
2010-02-15 03:04:59 0 d-----w- c:\program files\Siber Systems
2010-02-13 05:23:29 88 --sh--r- c:\docume~1\alluse~1\applic~1\BBC42ED066.sys
2010-02-13 05:23:28 6266 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-02-13 05:16:16 0 d-----w- c:\windows\system32\windows media
2010-02-13 05:16:06 0 d--h--w- c:\windows\msdownld.tmp
2010-02-13 05:16:06 0 d-----w- c:\windows\RegisteredPackages
2010-02-13 05:06:38 0 d-----w- c:\program files\Windows Media Components
2010-02-02 11:23:36 43984 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-31 05:09:28 0 d-----w- c:\program files\XP Codec Pack
2010-01-30 22:05:54 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-30 22:05:53 38 ----a-w- c:\windows\avisplitter.ini
2010-01-30 22:05:51 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-30 22:05:51 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-01-30 22:05:44 0 d-----w- c:\program files\K-Lite Codec Pack

==================== Find3M ====================

2010-01-16 17:21:16 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-16 17:21:15 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-16 17:21:15 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-12 20:18:20 1409890 ----a-w- c:\windows\system32\ffmpegmt.dll
2010-01-12 20:18:10 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
2010-01-12 20:18:10 216576 ----a-w- c:\windows\system32\ff_libdts.dll
2010-01-12 20:18:10 151552 ----a-w- c:\windows\system32\ff_libmad.dll
2010-01-12 20:18:10 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2010-01-12 20:18:10 121856 ----a-w- c:\windows\system32\ff_liba52.dll
2010-01-12 20:18:08 97792 ----a-w- c:\windows\system32\ff_unrar.dll
2010-01-12 20:18:08 169984 ----a-w- c:\windows\system32\ff_samplerate.dll
2010-01-12 20:18:08 116736 ----a-w- c:\windows\system32\ff_tremor.dll
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 00:00:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2010-01-01 00:00:00 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 5:18:20.26 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 9/14/2009 9:54:09 AM
System Uptime: 3/1/2010 5:05:55 AM (0 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Intel Pentium III Xeon processor | Microprocessor | 1995/200mhz
Processor: Intel Pentium III Xeon processor | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 94.648 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 14.583 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP92: 11/21/2009 11:00:47 AM - System Checkpoint
RP93: 11/22/2009 4:41:22 PM - System Checkpoint
RP94: 11/23/2009 6:31:21 PM - System Checkpoint
RP95: 11/25/2009 5:16:21 AM - Software Distribution Service 3.0
RP96: 11/26/2009 8:10:46 AM - Avg8 Update
RP97: 12/2/2009 7:26:30 AM - System Checkpoint
RP98: 12/4/2009 5:54:19 AM - System Checkpoint
RP99: 12/5/2009 7:13:18 PM - System Checkpoint
RP100: 12/7/2009 6:07:06 AM - System Checkpoint
RP101: 12/9/2009 7:16:45 AM - Software Distribution Service 3.0
RP102: 12/10/2009 8:58:42 PM - Avg8 Update
RP103: 12/10/2009 8:59:09 PM - Avg8 Update
RP104: 12/11/2009 6:33:54 AM - Installed Microsoft Office Visio Professional 2007
RP105: 12/14/2009 7:20:09 PM - System Checkpoint
RP106: 12/16/2009 5:48:08 AM - System Checkpoint
RP107: 12/17/2009 5:13:08 AM - Software Distribution Service 3.0
RP108: 12/17/2009 6:43:51 PM - Installed SyncPix Desktop.
RP109: 12/19/2009 5:24:30 PM - System Checkpoint
RP110: 12/21/2009 5:48:01 AM - System Checkpoint
RP111: 12/22/2009 5:02:53 AM - Avg8 Update
RP112: 12/23/2009 5:47:22 AM - System Checkpoint
RP113: 12/26/2009 3:33:02 PM - System Checkpoint
RP114: 12/28/2009 5:46:06 AM - System Checkpoint
RP115: 12/28/2009 8:44:25 PM - Avg8 Update
RP116: 12/30/2009 5:48:18 AM - System Checkpoint
RP117: 12/30/2009 7:37:37 PM - Avg8 Update
RP118: 12/31/2009 5:23:58 PM - Avg8 Update
RP119: 1/1/2010 6:15:39 PM - System Checkpoint
RP120: 1/2/2010 7:22:49 PM - System Checkpoint
RP121: 1/3/2010 7:35:56 PM - System Checkpoint
RP122: 1/5/2010 5:47:35 AM - System Checkpoint
RP123: 1/6/2010 5:48:37 AM - System Checkpoint
RP124: 1/7/2010 5:50:11 AM - System Checkpoint
RP125: 1/8/2010 6:02:00 AM - System Checkpoint
RP126: 1/9/2010 11:07:43 AM - System Checkpoint
RP127: 1/10/2010 12:39:01 PM - System Checkpoint
RP128: 1/11/2010 9:00:05 PM - System Checkpoint
RP129: 1/14/2010 5:19:23 AM - Software Distribution Service 3.0
RP130: 1/15/2010 6:28:54 PM - System Checkpoint
RP131: 1/16/2010 12:21:25 PM - Installed PowerDVD
RP132: 1/17/2010 12:39:09 PM - System Checkpoint
RP133: 1/20/2010 4:59:20 AM - Avg8 Update
RP134: 1/22/2010 5:47:11 AM - System Checkpoint
RP135: 1/22/2010 6:18:21 PM - Software Distribution Service 3.0
RP136: 1/23/2010 6:30:19 PM - System Checkpoint
RP137: 1/24/2010 6:42:16 PM - System Checkpoint
RP138: 1/25/2010 7:33:43 PM - System Checkpoint
RP139: 1/27/2010 5:49:25 AM - System Checkpoint
RP140: 1/28/2010 7:38:50 PM - System Checkpoint
RP141: 2/1/2010 6:25:58 PM - Avg8 Update
RP142: 2/11/2010 7:12:25 AM - Software Distribution Service 3.0
RP143: 2/13/2010 12:05:12 AM - Installed DirectX
RP144: 2/14/2010 10:25:38 PM - Installed DirectX
RP145: 2/14/2010 11:02:21 PM - Software Distribution Service 3.0
RP146: 2/18/2010 8:02:12 AM - System Checkpoint
RP147: 2/23/2010 8:33:52 PM - Software Distribution Service 3.0
RP148: 2/26/2010 10:56:08 PM - Installed TouchCopy
RP149: 2/26/2010 11:14:21 PM - Removed TouchCopy
RP150: 2/26/2010 11:14:51 PM - Installed TouchCopy 09
RP151: 2/28/2010 12:21:39 PM - Restore Operation
RP152: 2/28/2010 5:35:32 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 8.5
AviSynth 2.5
Bejeweled 2 Deluxe 1.0
Bonjour
Contents
ConvertXtoDVD 3.5.3.139
Corel PaintShop Photo Pro X3
CyberLink PowerDVD 9
Dell Resource CD
Dell Support Center (Support Software)
Dell Touchpad
DeviceIO
Dream Aquarium
Garmin Communicator Plugin
Garmin USB Drivers
Haali Media Splitter
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB937930)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB946629)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ICA
IDT Audio
ImgBurn
Intel(R) Graphics Media Accelerator Driver
IPM_PSP_Pro
iTunes
Java(TM) 6 Update 15
K-Lite Codec Pack 5.6.8 (Full) BETA
LimeWire PRO 5.1.2
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Media Player Codec Pack 3.9.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MLE
MobileMe Control Panel
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Demo
PSPH10Pro
PSPPContent
PSPPRO_DCRAW
PureHD
QuickSet
QuickTime
Ringtone Expressions 1.0.0
Safari
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SereneScreen Marine Aquarium 2.6
Setup
Share
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SyncPix Desktop
Thoosje Vista Sidebar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB896256)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Videora iPod Converter 4.06
VIO
VistaMizer 3.3.0.0
VPN Client
Vuze
WebFldrs XP
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Service Pack 2
WinRAR archiver
XP Codec Pack

==== Event Viewer Messages From Past Week ========

3/1/2010 5:10:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/1/2010 5:07:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
2/27/2010 3:09:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:44 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2010 3:09:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/27/2010 2:52:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/25/2010 7:36:06 PM, error: PSched [14103] - QoS [Adapter {E55476AF-7807-462E-AA31-7B51D1F5543C}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/25/2010 7:34:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0022FB9CCBA2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


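The DDS log above is what a helper reads for clues. As an added example that is not part of the thread or of the DDS tool, here is a small Python triage script that parses lines in the DDS format shown (the dated file lines and the uRun/mRun autorun entries) and flags the patterns visible in this log: numeric-named executables in system32, hidden+system files under Application Data, and a file name that imitates winlogon.exe. SAMPLE is constructed from lines of the log plus one made-up system32 entry; the heuristics and function names are assumptions of this example, not anything DDS itself does.

```python
"""Triage helper for lines in the DDS log format shown in this thread.

Added example, not part of the thread or of the DDS tool. It parses the
"Created Last 30" / Find3M file lines and the uRun/mRun autorun entries and
flags three patterns a helper looks at first: numeric-named executables in
system32, hidden+system files under Application Data, and names that imitate
a core Windows binary with digits appended (winlogon32.exe beside the real
winlogon.exe). The heuristics are illustrative, not DDS's own.
"""
import re

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{8})\s+(.+?)\s*$")
AUTORUN_RE = re.compile(r"^([um]Run(?:Once)?):\s+\[([^\]]*)\]\s+(.+?)\s*$")
QUOTED_PATH_RE = re.compile(r'"([^"]+)"')

# Core Windows binaries that malware commonly imitates by appending digits.
SYSTEM_STEMS = {"winlogon", "svchost", "lsass", "csrss", "explorer",
                "userinit", "services", "smss"}

# Constructed sample in the layout of the DDS output posted above: file lines
# taken from the log, one constructed numeric-named executable, and three
# autorun entries copied from the Pseudo HJT section.
SAMPLE = r"""
2010-03-01 10:08:17 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-02-13 05:23:29 88 --sh--r- c:\docume~1\alluse~1\applic~1\BBC42ED066.sys
2010-02-13 05:23:28 6266 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-30 22:05:54 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-20 01:02:03 49152 ----a-w- c:\windows\system32\11478.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingD3627] cmd.exe /c del "c:\windows\system32\winlogon32.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
"""


def split_path(path):
    """Lower-case a Windows path and split it into (folder, file name)."""
    p = path.strip().lower()
    if "\\" in p:
        folder, name = p.rsplit("\\", 1)
        return folder, name
    return "", p


def lookalike_of(name):
    """Return the system binary a name imitates (stem + digits), else None."""
    stem = name.lower().rsplit(".", 1)[0]
    stripped = stem.rstrip("0123456789")
    if stripped != stem and stripped in SYSTEM_STEMS:
        return stripped
    return None


def check_path(path, attrs="--------"):
    """Return the reason a path is suspicious, or None if nothing matched.

    attrs is the 8-character DDS attribute field (d = directory, s = system,
    h = hidden); the default means 'unknown', as for autorun targets.
    """
    folder, name = split_path(path)
    is_dir = attrs[0] == "d"
    if folder.endswith("\\system32") and re.fullmatch(r"\d+\.exe", name):
        return "numeric-named executable in system32"
    if (not is_dir and "s" in attrs and "h" in attrs
            and ("applic~1" in folder or "application data" in folder)):
        return "hidden+system file under Application Data"
    real = lookalike_of(name)
    if real:
        return f"name imitates {real}.exe"
    return None


def command_targets(command):
    """Paths an autorun command touches: quoted ones, else its first token."""
    quoted = QUOTED_PATH_RE.findall(command)
    return quoted if quoted else [command.split()[0]]


def triage(lines):
    """Return [(path, reason)] for every suspicious file or autorun line."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            _ts, _size, attrs, path = m.groups()
            reason = check_path(path, attrs)
            if reason:
                findings.append((path.lower(), reason))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            key, _label, command = m.groups()
            # Pending "del" entries left by a cleaner are still worth listing:
            # they record what the previous pass found, whether or not the
            # file is gone yet.
            for target in command_targets(command):
                reason = check_path(target)
                if reason:
                    findings.append((target.lower(), f"{key} entry: {reason}"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE.strip().splitlines()):
        print(f"{reason:45} {path}")
```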

#4
March 2, 2010 at 02:01:55
Can anyone offer me assistance?


#5
March 2, 2010 at 16:13:11
You should uninstall LimeWire, as it is known to harbor spyware and may be the source of your problem.

You need to update Java. Go to Start > Control Panel > click the Java icon > Update > Update Now and allow it to update. If there are any offers such as a toolbar, uncheck the box when the prompt appears.

Please download ComboFix using Internet Explorer rather than another browser if possible.

Remember: your AVG antivirus and Spybot's TeaTimer must be turned off or disabled before running ComboFix. No need to turn off Malwarebytes. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
-----------------------------------------------------------
Double-click on Combo-Fix.exe and follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#6
March 3, 2010 at 16:00:10
Jabuck,

As instructed, I uninstalled LimeWire and updated Java. I had problems updating Java with the laptop freezing; fortunately, after a few tries I was able to do it. However, it was updated after running ComboFix.

I downloaded ComboFix using Internet Explorer and disabled AVG prior to running it. Because the laptop was constantly freezing in normal mode, I was only able to run ComboFix in safe mode. Please find the attached ComboFix log:

ComboFix 10-03-03.03 - Noel 03/03/2010 17:59:03.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3034.2641 [GMT -5:00]
Running from: c:\documents and settings\Noel\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Local Settings\Application Data\{86A5D6D4-3EB0-4ED4-BB00-59BA93BC12B7}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{86A5D6D4-3EB0-4ED4-BB00-59BA93BC12B7}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{86A5D6D4-3EB0-4ED4-BB00-59BA93BC12B7}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{86A5D6D4-3EB0-4ED4-BB00-59BA93BC12B7}\install.rdf
c:\documents and settings\Noel\Application Data\inst.exe
c:\documents and settings\Noel\Local Settings\Application Data\{B2E27A14-F34A-4160-92C3-F10DA224FBCA}\chrome.manifest
c:\documents and settings\Noel\Local Settings\Application Data\{B2E27A14-F34A-4160-92C3-F10DA224FBCA}\chrome\content\_cfg.js
c:\documents and settings\Noel\Local Settings\Application Data\{B2E27A14-F34A-4160-92C3-F10DA224FBCA}\chrome\content\overlay.xul
c:\documents and settings\Noel\Local Settings\Application Data\{B2E27A14-F34A-4160-92C3-F10DA224FBCA}\install.rdf
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe

-- Previous Run --

Infected copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\VistaMizer\old\midimap.dll

--------

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 22:56 . 2010-03-03 22:57 -------- d-----w- C:\Combo-Fix
2010-03-03 10:03 . 2010-03-03 11:34 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-03 10:03 . 2010-03-03 11:34 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-03 09:59 . 2010-03-03 09:59 152576 ----a-w- c:\documents and settings\Noel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-03 09:58 . 2010-03-03 09:58 79488 ----a-w- c:\documents and settings\Noel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-03 09:58 . 2010-03-03 11:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 10:08 . 2010-03-01 10:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-28 17:24 . 2010-02-28 17:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-27 04:17 . 2010-02-28 17:22 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\tctemp(2)
2010-02-27 04:15 . 2010-02-27 04:15 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\Wide Angle Software
2010-02-27 04:14 . 2010-02-27 04:14 -------- d-----w- c:\program files\Wide Angle Software(2)
2010-02-27 03:58 . 2010-02-27 03:58 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\tcbackup
2010-02-24 11:46 . 2010-02-24 11:46 -------- d-----w- c:\documents and settings\Noel\Application Data\MSNInstaller(2)
2010-02-24 00:51 . 2010-02-28 17:23 -------- d-----w- c:\program files\MSN Messenger
2010-02-24 00:33 . 2010-02-28 17:23 -------- d-----w- c:\documents and settings\Noel\Application Data\MSN6
2010-02-15 03:42 . 2010-02-25 10:29 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\Corel
2010-02-15 03:37 . 2010-02-15 03:37 -------- d-----w- c:\documents and settings\Noel\Application Data\Ulead Systems
2010-02-13 05:09 . 2010-02-15 03:31 -------- d-----w- c:\documents and settings\Noel\Application Data\Corel
2010-02-13 05:06 . 2010-02-13 05:06 -------- d-----w- c:\program files\Windows Media Components
2010-02-02 11:23 . 2010-02-02 11:23 43984 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 03:46 . 2009-09-30 04:55 -------- d-----w- c:\documents and settings\Noel\Application Data\LimeWire
2010-02-22 03:00 . 2009-09-15 03:32 -------- d-----w- c:\documents and settings\Noel\Application Data\Vso
2010-02-22 01:56 . 2010-02-15 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-02-15 03:57 . 2010-02-13 05:23 6266 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-15 03:57 . 2010-02-13 05:23 6266 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-15 03:42 . 2009-09-15 03:27 -------- d-----w- c:\documents and settings\Noel\Application Data\Azureus
2010-02-15 03:41 . 2010-02-13 05:23 88 --sh--r- c:\documents and settings\All Users\Application Data\BBC42ED066.sys
2010-02-15 03:41 . 2010-02-13 05:23 88 --sh--r- c:\documents and settings\All Users\Application Data\BBC42ED066.sys
2010-02-15 03:37 . 2009-09-14 12:33 62296 ----a-w- c:\documents and settings\Noel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 03:37 . 2010-02-15 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-02-15 03:36 . 2009-09-14 13:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 03:36 . 2010-02-15 03:26 -------- d-----w- c:\program files\Corel
2010-02-15 03:35 . 2010-02-15 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-02-15 03:32 . 2010-02-15 03:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-15 03:32 . 2010-02-15 03:28 -------- d-----w- c:\program files\Common Files\Corel
2010-02-15 03:27 . 2010-02-15 03:27 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-02-15 03:04 . 2010-02-15 03:04 -------- d-----w- c:\program files\Siber Systems
2010-02-06 21:31 . 2009-09-15 14:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-31 05:09 . 2010-01-31 05:09 -------- d-----w- c:\program files\XP Codec Pack
2010-01-30 22:08 . 2010-01-30 22:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-28 00:21 . 2009-09-26 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 00:15 . 2009-09-26 16:41 117760 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-27 00:08 . 2010-01-27 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-27 00:06 . 2010-01-27 00:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-27 00:05 . 2010-01-27 00:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-26 12:01 . 2010-01-24 19:31 120 ----a-w- c:\windows\Kvareqijiwawan.dat
2010-01-26 09:56 . 2010-01-24 19:31 0 ----a-w- c:\windows\Qqewupotov.bin
2010-01-18 14:49 . 2010-01-18 14:49 -------- d-----w- c:\documents and settings\Noel\Application Data\DivX
2010-01-16 17:25 . 2010-01-16 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\documents and settings\Noel\Application Data\CyberLink
2010-01-16 17:23 . 2010-01-16 17:22 -------- d-----w- c:\program files\CyberLink
2010-01-16 17:22 . 2010-01-16 17:22 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-16 17:21 . 2010-01-16 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-01-16 17:21 . 2010-01-16 17:21 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-16 17:21 . 2010-01-16 17:21 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-01-16 17:21 . 2009-07-30 03:18 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-16 17:21 . 2009-07-30 03:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-12 20:18 . 2010-01-12 20:18 1409890 ----a-w- c:\windows\system32\ffmpegmt.dll
2010-01-12 20:18 . 2010-01-12 20:18 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
2010-01-12 20:18 . 2010-01-12 20:18 216576 ----a-w- c:\windows\system32\ff_libdts.dll
2010-01-12 20:18 . 2010-01-12 20:18 151552 ----a-w- c:\windows\system32\ff_libmad.dll
2010-01-12 20:18 . 2010-01-12 20:18 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2010-01-12 20:18 . 2010-01-12 20:18 121856 ----a-w- c:\windows\system32\ff_liba52.dll
2010-01-12 20:18 . 2010-01-12 20:18 97792 ----a-w- c:\windows\system32\ff_unrar.dll
2010-01-12 20:18 . 2010-01-12 20:18 169984 ----a-w- c:\windows\system32\ff_samplerate.dll
2010-01-12 20:18 . 2010-01-12 20:18 116736 ----a-w- c:\windows\system32\ff_tremor.dll
2010-01-12 15:24 . 2009-12-22 10:08 52224 ----a-w- c:\documents and settings\Noel\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 04:38 . 2010-01-11 04:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 02:03 . 2009-09-26 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:03 . 2009-12-22 10:04 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2009-09-26 16:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-26 16:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 02:50 . 2009-09-15 03:25 -------- d-----w- c:\program files\Azureus
2010-01-01 00:00 . 2010-01-01 00:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2010-01-01 00:00 . 2010-01-01 00:00 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-12-31 16:14 . 2003-07-16 20:46 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2009-09-14 13:48 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15 . 2010-01-30 22:05 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-04 14:41 . 2003-07-16 20:34 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2004-08-04 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-04 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2003-07-16 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2003-07-16 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2003-07-16 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-04 . 5F1724D0E11EB88C95A3B73A6DD72779 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-04 . 5F1724D0E11EB88C95A3B73A6DD72779 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2003-07-16 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-09-16 178712]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

c:\documents and settings\Noel\Start Menu\Programs\Startup\
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2009-8-16 605696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Affinity Health Plan VPN Client.lnk - c:\program files\Affinity\Affinity VPN Client\vpngui.exe [2009-9-14 1421328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-15 04:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-05-20 23:21 466944 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 18:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 18:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-16 21:02 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1831424 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 01:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-16 21:02 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 14:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-01-07 18:09 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 12:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-22 11:34 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-05-23 00:31 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Affinity\\Affinity VPN Client\\ipsecdialer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/14/2009 9:55 PM 108552]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/14/2009 8:57 AM 160256]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/14/2009 9:54 PM 335240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 1:42 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 1:42 PM 74480]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/16 12:23];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/14/2009 9:07 AM 108160]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 1:42 PM 7408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/14/2009 11:05 PM 908056]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/14/2009 11:05 PM 297752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
AddRemove-HaaliMkx - c:\program files\Matroska Pack\haali\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E9CA88]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> 0x89e9ca88
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> 0x8789e330
PacketIndicateHandler -> NDIS.sys @ 0xf746cb21
SendHandler -> NDIS.sys @ 0xf744a87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542E2B0
malicious code @ sector 0x02542E2B3 !
PE file found in sector at 0x02542E2C9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1480)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-03-03 18:08:30
ComboFix-quarantined-files.txt 2010-03-03 23:08

Pre-Run: 102,126,391,296 bytes free
Post-Run: 102,074,900,480 bytes free

- - End Of File - - FF07A7FF91F6AEA652142E292886290C



#7
March 3, 2010 at 21:39:10
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\Kvareqijiwawan.dat
c:\windows\Qqewupotov.bin

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Please go to Virus Total and upload the following file for analysis:

c:\documents and settings\All Users\Application Data\BBC42ED066.sys

Use the browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "Send file". If the file has already been analyzed, click the reanalyze button to have it checked again.

Post the results in your reply.


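As an added example (not code from this thread, from jabuck, or from ComboFix's authors), here is a small Python triage script that parses the two line formats shown in the log above (the dated "Files Created"/"Find3M" entries and the bare paths under "Other Deletions") and applies heuristics of the kind a helper uses when picking entries such as Kvareqijiwawan.dat, Qqewupotov.bin and BBC42ED066.sys out of a log. The sample lines are copied from the log above; the heuristics, thresholds and all function names are my own assumptions, and a hit means "look closer", never "malicious".

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread).

Parses the dated entry format
    <created> . <modified> <size|--------> <attrs> <path>
and the bare paths listed under "Other Deletions", then flags entries that
match a few review heuristics.  A hit is a prompt to hash the file and check
it (e.g. on VirusTotal), not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Attribute column as printed by ComboFix, e.g. "----a-w-", "d-----w-", "--sh--r-".
# Assumption: each letter (d, s, h, a, w, r) appears at most once, so the
# letters can be treated as a set of flags.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    path: str
    size: Optional[int]   # None for directories (size column is dashes) and bare paths
    flags: Set[str]       # letters from the attribute column, e.g. {'s', 'h', 'a', 'w'}

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated entry or a bare path line, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Entry(m["path"], size, set(m["attrs"].replace("-", "")))
    if line.lower().startswith("c:\\"):   # bare path, as under "Other Deletions"
        return Entry(line, None, set())
    return None


def suspicious(e: Entry) -> List[str]:
    """Heuristic reasons to review this entry (assumed rules, illustrative only)."""
    reasons = []
    name, parent = e.name.lower(), e.parent
    stem, _, ext = name.rpartition(".")
    # Dozens of purely numeric .exe names in system32 is the dropper pattern
    # visible in the "Other Deletions" section above.
    if parent == r"c:\windows\system32" and ext == "exe" and stem.isdigit():
        reasons.append("numeric-named executable in system32")
    # Small .dat/.bin files written directly into the Windows root are
    # unusual for legitimate software and worth a look.
    if parent == r"c:\windows" and ext in ("dat", "bin"):
        reasons.append("data file dropped directly in c:\\windows")
    # A hidden+system ".sys" outside a drivers directory is not a driver;
    # hash it and check it rather than assume either way.
    if {"s", "h"} <= e.flags and ext == "sys" and "drivers" not in parent:
        reasons.append("hidden+system .sys outside a driver directory")
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged path to its list of reasons; unparseable lines are skipped."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is not None and suspicious(e):
            hits[e.path] = suspicious(e)
    return hits


# Sample lines copied from the ComboFix log in this thread (constructed subset).
SAMPLE = [
    r"c:\windows\system32\11478.exe",
    r"c:\windows\system32\153.exe",
    r"2010-01-26 12:01 . 2010-01-24 19:31 120 ----a-w- c:\windows\Kvareqijiwawan.dat",
    r"2010-01-26 09:56 . 2010-01-24 19:31 0 ----a-w- c:\windows\Qqewupotov.bin",
    r"2010-02-15 03:41 . 2010-02-13 05:23 88 --sh--r- c:\documents and settings\All Users\Application Data\BBC42ED066.sys",
    r"2010-02-15 03:57 . 2010-02-13 05:23 6266 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys",
    r"2010-01-07 21:07 . 2009-09-26 16:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2010-02-15 03:26 . 2010-02-15 03:36 -------- d-----w- c:\program files\Corel",
    r"2010-03-03 09:58 . 2010-03-03 11:34 664 ----a-w- c:\windows\system32\d3d9caps.dat",
    "scanning hidden files ...",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}\n    -> {'; '.join(reasons)}")
```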

#8
March 4, 2010 at 03:56:32
Jabuck,

I attempted to use "Virus Total"; however, there wasn't a "BBC42ED066.sys" file in the Application Data folder.

Please find the attached ComboFix log:

ComboFix 10-03-03.07 - Noel 03/04/2010 6:25.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3034.2736 [GMT -5:00]
Running from: c:\documents and settings\Noel\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Noel\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\Kvareqijiwawan.dat"
"c:\windows\Qqewupotov.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Kvareqijiwawan.dat
c:\windows\Qqewupotov.bin

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-03 23:56 . 2010-03-03 23:56 -------- d-----w- c:\program files\Common Files\Java
2010-03-03 22:57 . 2010-03-03 23:08 -------- d-----w- C:\Combo-Fix8741C
2010-03-03 22:56 . 2010-03-03 22:57 -------- d-----w- C:\Combo-Fix
2010-03-03 09:58 . 2010-03-03 23:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 10:08 . 2010-03-01 10:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-28 17:24 . 2010-02-28 17:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-27 04:17 . 2010-02-28 17:22 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\tctemp(2)
2010-02-27 04:15 . 2010-02-27 04:15 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\Wide Angle Software
2010-02-27 04:14 . 2010-02-27 04:14 -------- d-----w- c:\program files\Wide Angle Software(2)
2010-02-27 03:58 . 2010-02-27 03:58 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\tcbackup
2010-02-24 11:46 . 2010-02-24 11:46 -------- d-----w- c:\documents and settings\Noel\Application Data\MSNInstaller(2)
2010-02-24 00:51 . 2010-02-28 17:23 -------- d-----w- c:\program files\MSN Messenger
2010-02-24 00:33 . 2010-02-28 17:23 -------- d-----w- c:\documents and settings\Noel\Application Data\MSN6
2010-02-15 03:42 . 2010-02-25 10:29 -------- d-----w- c:\documents and settings\Noel\Local Settings\Application Data\Corel
2010-02-15 03:37 . 2010-02-15 03:37 -------- d-----w- c:\documents and settings\Noel\Application Data\Ulead Systems
2010-02-15 03:37 . 2010-02-15 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-02-15 03:35 . 2010-02-15 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-02-15 03:32 . 2010-02-15 03:32 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-15 03:28 . 2010-02-15 03:32 -------- d-----w- c:\program files\Common Files\Corel
2010-02-15 03:27 . 2010-02-22 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-02-15 03:27 . 2010-02-15 03:27 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-02-15 03:26 . 2010-02-15 03:36 -------- d-----w- c:\program files\Corel
2010-02-15 03:04 . 2010-02-15 03:04 -------- d-----w- c:\program files\Siber Systems
2010-02-13 05:16 . 2010-02-13 05:16 -------- d-----w- c:\windows\system32\windows media
2010-02-13 05:16 . 2010-02-15 03:37 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-13 05:09 . 2010-02-15 03:31 -------- d-----w- c:\documents and settings\Noel\Application Data\Corel
2010-02-13 05:06 . 2010-02-13 05:06 -------- d-----w- c:\program files\Windows Media Components

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 23:55 . 2009-09-15 02:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 23:18 . 2009-09-15 02:10 -------- d-----w- c:\program files\Java
2010-02-27 03:46 . 2009-09-30 04:55 -------- d-----w- c:\documents and settings\Noel\Application Data\LimeWire
2010-02-22 03:00 . 2009-09-15 03:32 -------- d-----w- c:\documents and settings\Noel\Application Data\Vso
2010-02-15 03:57 . 2010-02-13 05:23 6266 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-02-15 03:42 . 2009-09-15 03:27 -------- d-----w- c:\documents and settings\Noel\Application Data\Azureus
2010-02-15 03:41 . 2010-02-13 05:23 88 --sh--r- c:\documents and settings\All Users\Application Data\BBC42ED066.sys
2010-02-15 03:37 . 2009-09-14 12:33 62296 ----a-w- c:\documents and settings\Noel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 03:36 . 2009-09-14 13:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 21:31 . 2009-09-15 14:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-02 11:23 . 2010-02-02 11:23 43984 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-31 05:09 . 2010-01-31 05:09 -------- d-----w- c:\program files\XP Codec Pack
2010-01-30 22:08 . 2010-01-30 22:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-28 00:21 . 2009-09-26 16:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-27 00:08 . 2010-01-27 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-27 00:05 . 2010-01-27 00:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-18 14:49 . 2010-01-18 14:49 -------- d-----w- c:\documents and settings\Noel\Application Data\DivX
2010-01-16 17:25 . 2010-01-16 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\documents and settings\Noel\Application Data\CyberLink
2010-01-16 17:23 . 2010-01-16 17:22 -------- d-----w- c:\program files\CyberLink
2010-01-16 17:22 . 2010-01-16 17:22 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-16 17:21 . 2010-01-16 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-01-16 17:21 . 2010-01-16 17:21 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-16 17:21 . 2009-07-30 03:18 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-16 17:21 . 2009-07-30 03:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-12 20:18 . 2010-01-12 20:18 1409890 ----a-w- c:\windows\system32\ffmpegmt.dll
2010-01-12 20:18 . 2010-01-12 20:18 336384 ----a-w- c:\windows\system32\ff_libfaad2.dll
2010-01-12 20:18 . 2010-01-12 20:18 216576 ----a-w- c:\windows\system32\ff_libdts.dll
2010-01-12 20:18 . 2010-01-12 20:18 151552 ----a-w- c:\windows\system32\ff_libmad.dll
2010-01-12 20:18 . 2010-01-12 20:18 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2010-01-12 20:18 . 2010-01-12 20:18 121856 ----a-w- c:\windows\system32\ff_liba52.dll
2010-01-12 20:18 . 2010-01-12 20:18 97792 ----a-w- c:\windows\system32\ff_unrar.dll
2010-01-12 20:18 . 2010-01-12 20:18 169984 ----a-w- c:\windows\system32\ff_samplerate.dll
2010-01-12 20:18 . 2010-01-12 20:18 116736 ----a-w- c:\windows\system32\ff_tremor.dll
2010-01-11 04:38 . 2010-01-11 04:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 02:03 . 2009-09-26 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:07 . 2009-09-26 16:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-26 16:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 02:50 . 2009-09-15 03:25 -------- d-----w- c:\program files\Azureus
2010-01-01 00:00 . 2010-01-01 00:00 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2010-01-01 00:00 . 2010-01-01 00:00 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-12-31 16:14 . 2003-07-16 20:46 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2003-07-16 20:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2009-09-14 13:48 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15 . 2010-01-30 22:05 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-04 14:41 . 2003-07-16 20:34 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2004-08-04 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-04 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2003-07-16 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . 76F31C563F9ADA37E5031E00C36ACD0B . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2003-07-16 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 3A5C81EEBE5D65D271227BE113BFE181 . 1551360 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2003-07-16 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-04 . 5F1724D0E11EB88C95A3B73A6DD72779 . 25088 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-04 . 5F1724D0E11EB88C95A3B73A6DD72779 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2003-07-16 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-03_23.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 23:55 . 2010-03-03 23:55 153376 c:\windows\system32\javaws.exe
+ 2010-03-03 23:55 . 2010-03-03 23:55 145184 c:\windows\system32\javaw.exe
- 2009-09-15 02:29 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe
+ 2010-03-03 23:55 . 2010-03-03 23:55 145184 c:\windows\system32\java.exe
- 2009-09-15 02:29 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe
+ 2010-03-03 23:56 . 2010-03-03 23:56 180224 c:\windows\Installer\2e543.msi
+ 2010-03-03 23:55 . 2010-03-03 23:55 576000 c:\windows\Installer\2e53d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-09-16 178712]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-02 200704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-01-09 1712128]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Noel\Start Menu\Programs\Startup\
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2009-8-16 605696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Affinity Health Plan VPN Client.lnk - c:\program files\Affinity\Affinity VPN Client\vpngui.exe [2009-9-14 1421328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-15 04:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-05-20 23:21 466944 ----a-w- c:\windows\system32\AESTFltr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 18:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 18:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-16 21:02 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 20:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1831424 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 01:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-16 21:02 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 14:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-01-07 18:09 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-22 11:34 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-05-23 00:31 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Affinity\\Affinity VPN Client\\ipsecdialer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"6832:TCP"= 6832:TCP:Services

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/14/2009 9:55 PM 108552]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/14/2009 8:57 AM 160256]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/14/2009 9:54 PM 335240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 1:42 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 1:42 PM 74480]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/16 12:23];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/14/2009 9:07 AM 108160]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 1:42 PM 7408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/14/2009 11:05 PM 908056]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/14/2009 11:05 PM 297752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xbox360.ign.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 06:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89ECAB90]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> 0x89ecab90
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> 0x8789c330
PacketIndicateHandler -> NDIS.sys @ 0xf746cb21
SendHandler -> NDIS.sys @ 0xf744a87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542E2B0
malicious code @ sector 0x02542E2B3 !
PE file found in sector at 0x02542E2C9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1488)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-03-04 06:44:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 11:44
ComboFix2.txt 2010-03-03 23:08

Pre-Run: 101,912,752,128 bytes free
Post-Run: 101,861,683,200 bytes free

- - End Of File - - 1B3A36557AA4C0134024C4C576446123



#9
March 4, 2010 at 14:29:52
Looking better.

Please download MBR.exe and save it to C:\

Then navigate to C:\ and double-click the MBR.exe executable file, then click Run.

It will produce a brief log, mbr.txt, in the same directory as the program. Please copy/paste that log here.



#10
March 4, 2010 at 15:45:10
Jabuck,

Please find the attached mbr.txt log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89e92c48
NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> 0x878a4330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542E2B0
malicious code @ sector 0x02542E2B3 !
PE file found in sector at 0x02542E2C9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.



#11
March 4, 2010 at 16:15:56

I don't think that is an MBR infection, but let's not take a chance.

Click on Start > Run, type cmd and press OK.
Copy and paste the following lines one by one into the open command window and press Enter after each line:

cd\
c:\mbr.exe -f
c:\mbr.log

A log file (c:\mbr.log) will open. Post the contents of it in your reply and let me know if there has been any improvement in the computer. Then continue with BitDefender.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on "Click here to export the scan results".
Save the report to your desktop so you can post it in your next reply.


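The mbr.txt output that the instructions above ask for can be triaged programmatically. This is an added Python example, not code from the thread or from Gmer's tool; the sample log is constructed to mirror the post-fix log quoted in the thread, and the "unattributed hook" flag (a hook whose destination carries no module name) is this example's own heuristic.

```python
"""Triage helper for the log written by Gmer's Stealth MBR rootkit detector
(mbr.exe). The 'unattributed hook' heuristic is this example's own, not the tool's."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

BARE_ADDR_RE = re.compile(r"^0x[0-9A-Fa-f]+$")               # destination with no module name
SECTOR_RE = re.compile(r"sector(?: at)? (0x[0-9A-Fa-f]+)")   # "sector 0x.." / "sector at 0x.."

# Constructed sample mirroring the post-fix log quoted in the thread.
SAMPLE_LOG = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\atapi -> 0x89eddae8
NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> 0x8789f330
PacketIndicateHandler -> NDIS.sys @ 0xf746cb21
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542E2B0
malicious code @ sector 0x02542E2B3 !
PE file found in sector at 0x02542E2C9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
"""


@dataclass
class Hook:
    target: str       # driver object or NDIS miniport whose routine was hooked
    handler: str      # named routine, e.g. SendCompleteHandler; "" if not given
    destination: str  # "module @ 0xaddr", or a bare address

    @property
    def unattributed(self) -> bool:
        """Only an address was printed: the detector could not map the hooked
        routine to any loaded driver image. That is the line worth a second look."""
        return BARE_ADDR_RE.match(self.destination) is not None


@dataclass
class MbrReport:
    mbr_read_ok: bool = False
    hooks: List[Hook] = field(default_factory=list)
    sectors: Dict[str, int] = field(default_factory=dict)  # finding -> sector (LBA)
    infection_flagged: bool = False
    fix_recommended: bool = False
    mbr_restored: bool = False

    def unattributed_hooks(self) -> List[Hook]:
        return [h for h in self.hooks if h.unattributed]

    def verdict(self) -> str:
        if self.mbr_restored:
            return "mbr-restored"
        if self.fix_recommended:
            return "fix-recommended"
        if self.unattributed_hooks():
            return "suspicious-hooks"
        return "clean"


def parse_mbr_log(text: str) -> MbrReport:
    """Parse one mbr.exe log into an MbrReport."""
    report = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line.startswith("Warning:"):
            in_hooks = False
            report.infection_flagged = True
        elif in_hooks and " -> " in line:
            parts = [p.strip() for p in line.split(" -> ")]
            if len(parts) == 2 and parts[0].endswith(("Handler", "Procedure")) and report.hooks:
                # Continuation line: another routine of the previous target.
                report.hooks.append(Hook(report.hooks[-1].target, parts[0], parts[1]))
            elif len(parts) == 2:
                report.hooks.append(Hook(parts[0], "", parts[1]))
            else:
                report.hooks.append(Hook(parts[0], parts[1], parts[-1]))
        elif line.startswith("user: MBR read successfully"):
            report.mbr_read_ok = True
        elif "MBR rootkit infection detected" in line:
            report.fix_recommended = '"mbr.exe -f"' in line
        elif line.startswith("original MBR restored successfully"):
            report.mbr_restored = True
        else:
            m = SECTOR_RE.search(line)
            if m:  # e.g. "malicious code @ sector 0x... !" -> key "malicious code"
                finding = line.split(" sector")[0].rstrip(" @")
                report.sectors[finding] = int(m.group(1), 16)
    return report
```

Run `parse_mbr_log(SAMPLE_LOG).verdict()` against a saved mbr.txt to see whether the tool already restored the MBR, only recommended the fix, or merely listed hooks it could not attribute to a module.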

#12
March 5, 2010 at 04:02:20
Jabuck,

Please find the attached logs:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89eddae8
NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> 0x8789f330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542E2B0
malicious code @ sector 0x02542E2B3 !
PE file found in sector at 0x02542E2C9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

BitDefender Online Scanner
Scan report generated at: Fri, Mar 05, 2010 - 06:50:21
Scan path: C:\;D:\;E:\;

Statistics
Time: 01:23:40
Files: 480285
Folders: 15933
Boot Sectors: 0
Archives: 7065
Packed Files: 25637

Results
Identified Viruses: 8
Infected Files: 23
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 24

Engines Info
Virus Definitions: 5368498
Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Jan 06 2010)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Disinfection failed

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/AppletX.class
Infected with: Trojan.Generic.IS.614610

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/AppletX.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/LoaderX.class
Infected with: Trojan.Generic.IS.617631

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/LoaderX.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/PayloadX.class
Infected with: Trojan.Generic.IS.616012

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/PayloadX.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Disinfection failed

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Disinfection failed

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed
Updated

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Disinfection failed

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Deleted

C:\Documents and Settings\HelpAssistant\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0
Updated

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(JAVASCRIPT)
Infected with: Exploit.PDF-JS.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(JAVASCRIPT)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(JAVASCRIPT)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(FIELD)
Infected with: Exploit.PDF-Payload.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(FIELD)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf=>(FIELD)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\0VK8EE3O\oH7b647977V0100f080006R72a18016102T302ef076201l0409Ke4f4ebba317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(JAVASCRIPT)
Infected with: Exploit.PDF-JS.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(JAVASCRIPT)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(JAVASCRIPT)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(FIELD)
Infected with: Exploit.PDF-Payload.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(FIELD)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(FIELD)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(NAME)
Infected with: Exploit.PDF-Name.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(NAME)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf=>(NAME)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\EAZI1NWR\oU230d9c2eH7b647977V0100f080006R84c64824102T30ecd594201l0409K11d7d5be317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(JAVASCRIPT)
Infected with: Exploit.PDF-JS.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(JAVASCRIPT)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(JAVASCRIPT)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(FIELD)
Infected with: Exploit.PDF-Payload.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(FIELD)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(FIELD)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(NAME)
Infected with: Exploit.PDF-Name.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(NAME)
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf=>(NAME)
Deleted

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\F612EZZI\oH7b647977V0100f080006R01f070c8102T30ecd594201l0409K02e4e1b5317[1].pdf
Update failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\FEN1F1W4\AVORP1TREST11[1].htm
Infected with: Packed.JS.1.Gen

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\FEN1F1W4\AVORP1TREST11[1].htm
Disinfection failed

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\FEN1F1W4\AVORP1TREST11[1].htm
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Disinfection failed

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7=>p1/p2/MyClassLoader.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\37\1da7e365-675567f7
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/AppletX.class
Infected with: Trojan.Generic.IS.614610

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/AppletX.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/LoaderX.class
Infected with: Trojan.Generic.IS.617631

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/LoaderX.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/PayloadX.class
Infected with: Trojan.Generic.IS.616012

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b=>myf/y/PayloadX.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-23d9e89b
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Disinfection failed

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/LoaderX.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Disinfection failed

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed=>myf/y/NbablaF.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\5\316b4185-29f99fed
Updated

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Disinfection failed

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0=>p1/p2/MyClassLoader.class
Deleted

C:\Documents and Settings\Noel\Application Data\Sun\Java\Deployment\cache\6.0\51\5a01ec73-6bab97e0
Updated

C:\WINDOWS\VistaMizer\icons\Icon_012.ico
Suspected of: Trojan.PWS.Banker.FLW

C:\WINDOWS\VistaMizer\icons\Icon_012.ico
Disinfection failed

C:\WINDOWS\VistaMizer\icons\Icon_012.ico
Deleted


#13
March 5, 2010 at 14:11:45
Go to start> control panel> java> settings> delete files> ok> ok> ok.

Please download TFC by Old Timer from the following link and save it to your desktop.

TFC by Old Timer



1. Save any unsaved work. TFC will close ALL open programs including your browser

2. Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.

3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

4. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

A little clean-up to do.

Delete DDS and MBR.exe from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Let me know how the computer is operating.


#14
March 6, 2010 at 04:36:16
Jabuck,

The laptop is responding a little better, however it's still sluggish where it wasn't before my PC was infected. Additionally, although I can operate it in normal mode much longer it still freezes, whereas before it would freeze up 1-2 minutes after turning it on.

I noticed I have an ATF Cleaner on my desktop, can I just delete it or is there a specific way to uninstall it? I don't see it listed in my add and remove programs to uninstall it.


#15
March 6, 2010 at 19:09:49
Just delete the ATF icon to uninstall it.

I do not see any other infections on the computer. Usually an application or system file causes a computer to hang in normal mode but operate normally in safe mode.

Click on the Start button.
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
Double-click on the Folder Options icon
Click on the View tab.
Or if you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.

Now click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
You should now be able to view hidden files.

Then try to run the file in response #7 through Virus Total and post the results.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


#16
March 7, 2010 at 10:30:37
Hi,

I had a similar problem, also with a Dell, and after I took off Limewire and ran Kaspersky to clear anything up it went back to normal...

D


#17
March 8, 2010 at 02:45:46
Jabuck,

My laptop only froze twice. I noticed it is only when I switch the start menu to "Classic Start Menu" and vice versa. Other than that the laptop is running perfectly. I'm not sure if this is related to the problem.

In your professional opinion which is the better AV of the two, AVG or Avast or is there a better one you can recommend?

Also should I have MalwareBytes running at all times?

As previously requested please find the attached Logs;

File BBC42ED066.sys received on 2010.03.08 10:33:17 (UTC)


Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.07 -
Avast5 5.0.332.0 2010.03.07 -
AVG 9.0.0.787 2010.03.07 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
Fortinet 4.0.14.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4922 2010.03.07 -
Norman 6.04.08 2010.03.07 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.08 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5780 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Additional information
File size: 88 bytes
MD5...: 1f00b6914091cde3c2099228cba83a80
SHA1..: b66dbdb00af69dfb17c8e02b94d29081355060ec
SHA256: f27c7f572494a8fa50956dda55ae196356256c94bdd5a7a19ec618143e6cb9af
ssdeep: 3:hl/+3vDllk9XWvn:i3vDllk9Gv

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


05:39:16:656 1004 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
05:39:16:656 1004 ================================================================================
05:39:16:656 1004 SystemInfo:

05:39:16:656 1004 OS Version: 5.1.2600 ServicePack: 2.0
05:39:16:656 1004 Product type: Workstation
05:39:16:656 1004 ComputerName: NOEL-W48SPGTDSQ
05:39:16:656 1004 UserName: Noel
05:39:16:656 1004 Windows directory: C:\WINDOWS
05:39:16:656 1004 Processor architecture: Intel x86
05:39:16:656 1004 Number of processors: 2
05:39:16:656 1004 Page size: 0x1000
05:39:16:656 1004 Boot type: Normal boot
05:39:16:656 1004 ================================================================================
05:39:16:656 1004 UnloadDriverW: NtUnloadDriver error 2
05:39:16:656 1004 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
05:39:16:671 1004 Initialize success
05:39:16:671 1004
05:39:16:671 1004 Scanning Services ...
05:39:16:671 1004 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
05:39:16:671 1004 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:39:16:671 1004 wfopen_ex: Trying to KLMD file open
05:39:16:671 1004 wfopen_ex: File opened ok (Flags 2)
05:39:16:671 1004 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
05:39:16:671 1004 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
05:39:16:671 1004 wfopen_ex: Trying to KLMD file open
05:39:16:671 1004 wfopen_ex: File opened ok (Flags 2)
05:39:17:000 1004 GetAdvancedServicesInfo: Raw services enum returned 334 services
05:39:17:000 1004 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
05:39:17:000 1004 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
05:39:17:000 1004
05:39:17:000 1004 Scanning Kernel memory ...
05:39:17:000 1004 Devices to scan: 4
05:39:17:000 1004
05:39:17:000 1004 Driver Name: Disk
05:39:17:000 1004 IRP_MJ_CREATE : BA0EEC30
05:39:17:000 1004 IRP_MJ_CREATE_NAMED_PIPE : 804F4476
05:39:17:000 1004 IRP_MJ_CLOSE : BA0EEC30
05:39:17:000 1004 IRP_MJ_READ : BA0E8D9B
05:39:17:000 1004 IRP_MJ_WRITE : BA0E8D9B
05:39:17:000 1004 IRP_MJ_QUERY_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_EA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_EA : 804F4476
05:39:17:000 1004 IRP_MJ_FLUSH_BUFFERS : BA0E9366
05:39:17:000 1004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_DIRECTORY_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : BA0E944D
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
05:39:17:000 1004 IRP_MJ_SHUTDOWN : BA0E9366
05:39:17:000 1004 IRP_MJ_LOCK_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_CLEANUP : 804F4476
05:39:17:000 1004 IRP_MJ_CREATE_MAILSLOT : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_SET_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_POWER : BA0EAEF3
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
05:39:17:000 1004 IRP_MJ_DEVICE_CHANGE : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_QUOTA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_QUOTA : 804F4476
05:39:17:000 1004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
05:39:17:000 1004 sion
05:39:17:000 1004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
05:39:17:000 1004
05:39:17:000 1004 Driver Name: Disk
05:39:17:000 1004 IRP_MJ_CREATE : BA0EEC30
05:39:17:000 1004 IRP_MJ_CREATE_NAMED_PIPE : 804F4476
05:39:17:000 1004 IRP_MJ_CLOSE : BA0EEC30
05:39:17:000 1004 IRP_MJ_READ : BA0E8D9B
05:39:17:000 1004 IRP_MJ_WRITE : BA0E8D9B
05:39:17:000 1004 IRP_MJ_QUERY_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_EA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_EA : 804F4476
05:39:17:000 1004 IRP_MJ_FLUSH_BUFFERS : BA0E9366
05:39:17:000 1004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_DIRECTORY_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : BA0E944D
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
05:39:17:000 1004 IRP_MJ_SHUTDOWN : BA0E9366
05:39:17:000 1004 IRP_MJ_LOCK_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_CLEANUP : 804F4476
05:39:17:000 1004 IRP_MJ_CREATE_MAILSLOT : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_SET_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_POWER : BA0EAEF3
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
05:39:17:000 1004 IRP_MJ_DEVICE_CHANGE : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_QUOTA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_QUOTA : 804F4476
05:39:17:000 1004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
05:39:17:000 1004 sion
05:39:17:000 1004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
05:39:17:000 1004
05:39:17:000 1004 Driver Name: Disk
05:39:17:000 1004 IRP_MJ_CREATE : BA0EEC30
05:39:17:000 1004 IRP_MJ_CREATE_NAMED_PIPE : 804F4476
05:39:17:000 1004 IRP_MJ_CLOSE : BA0EEC30
05:39:17:000 1004 IRP_MJ_READ : BA0E8D9B
05:39:17:000 1004 IRP_MJ_WRITE : BA0E8D9B
05:39:17:000 1004 IRP_MJ_QUERY_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_EA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_EA : 804F4476
05:39:17:000 1004 IRP_MJ_FLUSH_BUFFERS : BA0E9366
05:39:17:000 1004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_DIRECTORY_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : BA0E944D
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
05:39:17:000 1004 IRP_MJ_SHUTDOWN : BA0E9366
05:39:17:000 1004 IRP_MJ_LOCK_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_CLEANUP : 804F4476
05:39:17:000 1004 IRP_MJ_CREATE_MAILSLOT : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_SET_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_POWER : BA0EAEF3
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
05:39:17:000 1004 IRP_MJ_DEVICE_CHANGE : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_QUOTA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_QUOTA : 804F4476
05:39:17:000 1004 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
05:39:17:000 1004 sion
05:39:17:000 1004 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
05:39:17:000 1004
05:39:17:000 1004 Driver Name: atapi
05:39:17:000 1004 IRP_MJ_CREATE : B9F3B572
05:39:17:000 1004 IRP_MJ_CREATE_NAMED_PIPE : 804F4476
05:39:17:000 1004 IRP_MJ_CLOSE : B9F3B572
05:39:17:000 1004 IRP_MJ_READ : 804F4476
05:39:17:000 1004 IRP_MJ_WRITE : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_EA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_EA : 804F4476
05:39:17:000 1004 IRP_MJ_FLUSH_BUFFERS : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_SET_VOLUME_INFORMATION : 804F4476
05:39:17:000 1004 IRP_MJ_DIRECTORY_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : B9F3B592
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F377B4
05:39:17:000 1004 IRP_MJ_SHUTDOWN : 804F4476
05:39:17:000 1004 IRP_MJ_LOCK_CONTROL : 804F4476
05:39:17:000 1004 IRP_MJ_CLEANUP : 804F4476
05:39:17:000 1004 IRP_MJ_CREATE_MAILSLOT : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_SET_SECURITY : 804F4476
05:39:17:000 1004 IRP_MJ_POWER : B9F3B5BC
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : B9F42164
05:39:17:000 1004 IRP_MJ_DEVICE_CHANGE : 804F4476
05:39:17:000 1004 IRP_MJ_QUERY_QUOTA : 804F4476
05:39:17:000 1004 IRP_MJ_SET_QUOTA : 804F4476
05:39:17:000 1004 siohd: 0
05:39:17:015 1004 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
05:39:17:015 1004
05:39:17:015 1004 Completed
05:39:17:015 1004
05:39:17:015 1004 Results:
05:39:17:015 1004 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
05:39:17:015 1004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
05:39:17:015 1004 File objects infected / cured / cured on reboot: 0 / 0 / 0
05:39:17:015 1004
05:39:17:015 1004 KLMD(ARK) unloaded successfully

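
The "Scanning Kernel memory" part of the TDSSKiller log above is a dump of each driver object's IRP dispatch table: for every IRP_MJ_* code it prints the address of the routine that will handle it. The point of dumping it is that a TDL3-style rootkit hooks these entries (on atapi in particular) so that disk I/O passes through code that is not part of the driver's own image. The script below is an added example, not part of the thread or of Kaspersky's tool: it parses an excerpt of the posted log into per-driver tables, treats the one address shared by every table (804F4476 here, the kernel's default "invalid request" stub) as the common default, and flags any remaining handler that lies more than an assumed 1 MiB from the driver's other handlers. The "hooked" input is constructed by redirecting one atapi entry; it is not something the log showed.

```python
import re
from collections import Counter
from statistics import median

# One dispatch entry as TDSSKiller 2.2.x prints it: "<time> <pid> IRP_MJ_<name> : <hex addr>".
IRP_RE = re.compile(r"^\S+\s+\d+\s+(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]{8})\s*$")
DRIVER_RE = re.compile(r"^\S+\s+\d+\s+Driver Name:\s*(\S+)")

# Assumed bound (not from the log): handlers that really belong to one x86 storage driver
# live inside one image, which is far smaller than 1 MiB, so they cannot be further apart.
MAX_IMAGE_SPAN = 0x100000


def parse_dispatch_tables(log_text):
    """Return [(driver_name, {irp_name: handler_address}), ...] in log order."""
    tables = []
    current = None
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            current = (m.group(1), {})
            tables.append(current)
            continue
        m = IRP_RE.match(line)
        if m and current is not None:
            current[1][m.group(1)] = int(m.group(2), 16)
    return tables


def find_suspect_handlers(tables):
    """Flag dispatch entries that do not sit with the rest of their driver's handlers.

    The kernel's shared 'invalid request' stub is taken to be the one address that
    recurs across every table (804F4476 in the posted log); every other entry of a
    driver should fall inside that driver's own image, i.e. close to the others.
    """
    all_addrs = Counter(a for _, t in tables for a in t.values())
    if not all_addrs:
        return []
    default_stub = all_addrs.most_common(1)[0][0]
    findings = []
    for name, table in tables:
        own = {irp: a for irp, a in table.items() if a != default_stub}
        if len(own) < 2:
            continue
        centre = int(median(own.values()))
        for irp, addr in sorted(own.items()):
            if abs(addr - centre) > MAX_IMAGE_SPAN:
                findings.append((name, irp, addr))
    return findings


# Excerpt of the TDSSKiller log posted above (the disk table appears once here, entries trimmed).
CLEAN_LOG = """\
05:39:17:000 1004 Driver Name: Disk
05:39:17:000 1004 IRP_MJ_CREATE : BA0EEC30
05:39:17:000 1004 IRP_MJ_CREATE_NAMED_PIPE : 804F4476
05:39:17:000 1004 IRP_MJ_READ : BA0E8D9B
05:39:17:000 1004 IRP_MJ_WRITE : BA0E8D9B
05:39:17:000 1004 IRP_MJ_QUERY_EA : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : BA0E944D
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
05:39:17:000 1004 IRP_MJ_POWER : BA0EAEF3
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
05:39:17:000 1004 C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean
05:39:17:000 1004 Driver Name: atapi
05:39:17:000 1004 IRP_MJ_CREATE : B9F3B572
05:39:17:000 1004 IRP_MJ_READ : 804F4476
05:39:17:000 1004 IRP_MJ_WRITE : 804F4476
05:39:17:000 1004 IRP_MJ_DEVICE_CONTROL : B9F3B592
05:39:17:000 1004 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F377B4
05:39:17:000 1004 IRP_MJ_POWER : B9F3B5BC
05:39:17:000 1004 IRP_MJ_SYSTEM_CONTROL : B9F42164
05:39:17:015 1004 C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: Clean
"""

# Constructed variant, not from the log: the atapi SCSI path (IRP_MJ_INTERNAL_DEVICE_CONTROL,
# the entry TDL3 redirected) now points somewhere far outside atapi's image.
HOOKED_LOG = CLEAN_LOG.replace(
    "IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F377B4",
    "IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A3C1F20",
)

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_LOG), ("hooked", HOOKED_LOG)):
        hits = find_suspect_handlers(parse_dispatch_tables(text))
        print(label, "->", hits or "no stray dispatch handlers")
```

The real tool has an advantage this heuristic lacks: it knows each driver's image base and size and compares the in-memory dispatch table with the file on disk, so it also catches a hook that lands inside the driver's own image (patched code) and the StartIo hook it mentions in the "TDL3_StartIoLastChanceHookDetect" line. The distance check above only catches handlers pointing clearly elsewhere, which is what the 2.2.x log gives you enough data to reason about by hand.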

#18
March 8, 2010 at 19:39:58
Those logs appear to be clean.

That is a good find on the freezing but I have no idea what would cause that. You might start a new thread on the XP forum and see if one of the gurus over there have run into that problem before.

Wish I could be more help to you.

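
One caveat a practitioner would add to "those logs appear to be clean": the VirusTotal result in #17 is for an 88-byte file, with PEiD and PEInfo empty and trid guessing at a text format. A kernel driver image cannot fit in 88 bytes, so 0/42 there says the file holds nothing executable, not that any driver running under that name is benign. The script below is an added example, not part of the thread or of VirusTotal: it computes the same three digests VirusTotal lists and then checks the structure a real .sys must have (MZ stub, PE signature, PE32 optional header, native subsystem). The 88-byte blob is constructed, since the thread does not show the file's contents; the header-only PE images are constructed too, purely to exercise the checks.

```python
import hashlib
import struct

# PE/COFF constants used by the checks below.
MZ_MAGIC = b"MZ"
PE_MAGIC = b"PE\0\0"
PE32_OPT_MAGIC = 0x10B
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_NATIVE = 1       # kernel drivers are built for the native subsystem


def hashes(data):
    """MD5/SHA1/SHA256 of the file, the same three digests VirusTotal lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def inspect_driver_image(data):
    """Structural triage of a file that claims to be a .sys driver.

    Checks the MZ stub, e_lfanew, PE signature, PE32 optional-header magic and the
    subsystem field.  It says nothing about malice, only whether the file contains a
    loadable kernel image at all; a scanner verdict on a non-image is not a verdict
    on any driver that may be running under that name.
    """
    result = {"size": len(data), "is_pe": False, "machine": None, "subsystem": None, "reason": None}
    if len(data) < 64 or data[:2] != MZ_MAGIC:
        result["reason"] = "no MZ header"
        return result
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        result["reason"] = "no PE signature at e_lfanew"
        return result
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 70 or opt_off + opt_size > len(data):
        result["reason"] = "optional header truncated"
        return result
    if struct.unpack_from("<H", data, opt_off)[0] != PE32_OPT_MAGIC:
        result["reason"] = "optional header is not PE32"
        return result
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]   # Subsystem sits at +68 in PE32
    result.update(is_pe=True, machine=machine, subsystem=subsystem)
    if subsystem != IMAGE_SUBSYSTEM_NATIVE:
        result["reason"] = "PE image, but not a native-subsystem (kernel) binary"
    return result


def build_minimal_pe(subsystem):
    """Constructed header-only PE32 (no sections, no code) used to exercise the checks."""
    dos = bytearray(64)
    dos[:2] = MZ_MAGIC
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header follows the stub
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_OPT_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + PE_MAGIC + file_hdr + bytes(opt)


# Constructed stand-in for the 88-byte file submitted above; its real contents are not in the
# thread, so any 88 non-PE bytes serve to show what the check reports for such a file.
TINY_BLOB = bytes(range(88))

if __name__ == "__main__":
    for label, blob in (("88-byte blob", TINY_BLOB),
                        ("native PE", build_minimal_pe(IMAGE_SUBSYSTEM_NATIVE)),
                        ("GUI PE", build_minimal_pe(2))):
        r = inspect_driver_image(blob)
        print(label, r, hashes(blob)["sha256"][:16])
```

Run against the real file, the useful follow-up when the structure check fails is to ask why a file with a .sys name and no PE structure exists at all (a leftover data file, or a name reused by something else), and to look at the driver that is actually loaded under that name rather than at the file on disk.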

#19
March 9, 2010 at 03:34:02
Jabuck,

Thank you for all your assistance. You have also helped me in the past and your directions have always been clear and spot on in resolving the issue. Your help is greatly appreciated.

I only have two more questions that I mentioned in my previous post;

In your professional opinion which is the better AV of the two, AVG or Avast or is there a better one you can recommend?

Also should I have MalwareBytes running at all times?


#20
March 9, 2010 at 03:41:37
I use AVG, but they are about equal to me.

Malwarebytes is not a realtime scanner unless you purchased it, and then it should be running all the time; otherwise only when you click the scanner button.


#21
April 7, 2010 at 13:49:27
Hi,

I was wondering if anyone can help. I'm experiencing the same problem as most of the people on the thread.

My Dell Inspiron 1545 constantly freezes on the internet and I can shut it down properly. It's very frustrating and has been happening for weeks. A Java update constantly pops up on my screen too, not sure if this is related.

Here is my D.D.S log - Can anyone help me please???


DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 04/02/2009 06:27:18
System Uptime: 04/07/2010 21:35:46 (-2112 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 117.99 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 8.949 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Advanced Audio FX Engine
Apple Mobile Device Support
AutoUpdate
AVG 9.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
EditPlus 3
EDocs
Football Manager 2009
Football Manager 2010
Foxit Reader
Foxit Toolbar
Google Chrome
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
H.264 Decoder
Hercules Mobile DJ Mix 1.0.4
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.00.02.0825)
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Junk Mail filter update
Live! Cam Avatar Creator
Livestation
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.0.17)
MSVC80_x86
MSVCRT
Native Instruments Traktor DJ Studio 3
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenAL
Paddy Power Casino
Paddy Power Poker
PC Connectivity Solution
PowerDVD
QuickSet
QuickTime
Rapport
RealPlayer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sky Player
Skype™ 4.0
Spotify
Steam
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
VirtualCloneDrive
Winamp
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
Windows Driver Package - Nokia Modem (02/24/2009 4.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Zattoo 3.3.4 Beta

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3032.1601 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Livestation\Livestation.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Craig Frew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\craig frew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Livestation] c:\program files\livestation\Livestation.exe -startup
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\craigf~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\craigf~1\appdata\roaming\mozilla\firefox\profiles\sfkuodfi.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUman000&fl=0&ptb=fTPYbZdFasFt2raWLC_5kw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\craig frew\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-11-28 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-28 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-28 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 360584]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-2-4 81920]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-28 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-28 2304192]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-11-28 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-11-28 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-11-28 27800]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-2-4 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-2-4 269216]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-28 5832712]
S2 gupdate1c9b9c6f5c88404;Google Update Service (gupdate1c9b9c6f5c88404);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

=============== Created Last 30 ================

2010-04-07 20:23:29 0 d-----w- c:\program files\Trend Micro
2010-04-05 08:59:46 0 d-----w- c:\users\craigf~1\appdata\roaming\PeerNetworking
2010-03-31 17:56:09 0 d-sh--w- C:\found.009
2010-03-30 18:00:34 0 d-----w- c:\program files\LogMeIn Hamachi
2010-03-30 07:09:40 0 d-sh--w- C:\found.008
2010-03-29 12:58:03 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-27 13:16:12 0 d-sh--w- C:\found.007
2010-03-22 14:48:03 0 d-sh--w- C:\found.006
2010-03-18 18:01:21 0 d-----w- C:\1fbc11ca146f29dcad24fbf1d438c0d5
2010-03-18 17:59:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-18 17:59:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-18 17:59:22 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 19:40:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-03-10 19:40:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-10 19:33:45 0 d-sh--w- C:\found.005

==================== Find3M ====================

2010-03-10 19:40:27 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-10 19:40:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-06 18:13:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-06 18:13:01 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-06 18:00:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-06 18:00:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-04 21:35:33 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-12 10:48:12 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-04 12:47:54 76 --sh--r- c:\windows\CT4CET.bin
2009-02-04 14:02:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:42:40.57 ===============

