Need Help:(


Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Hi there,

Coming over from the other board. Caught a pretty bad virus by clicking on an MSN Messenger link. With the help of a very nice fellow from here we managed to get rid of all the malware remnants. We've run follow-up scans with OTL to ensure that all is well and that I haven't been re-infected. Unfortunately, my computer is still running badly and he suggested I post here for help.

There is significant slowness when on the internet; my windows, whether on the internet or not, regularly freeze; my right-click options often don't work (don't load); I can't scroll on my own toolbar or on the various sites that I visit; I can't watch/stream videos online like I used to; I can't close my windows and often have to resort to Ctrl/Alt/Delete to close everything; I can't scroll, period...

As you can see, a long list, and I'm not sure where to go from here! Any help would be greatly appreciated...
 
Joined
Jul 13, 2008
Messages
132
Not exactly what I meant for you to do. No worries though, we'll give it another go. :) If you already have these tools, delete them and download new ones. Updates have come out since you were last assisted.

Step № One
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.
Step № Two
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Step № Three
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.



Logs&Info
Remember to post back the following logs:
  1. defogger_disable
  2. OTL.txt
  3. Results.log
 

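The /md5start ... /md5stop block in Step Two asks OTL to print the MD5 of every copy of each named file it finds under the Windows tree, so the helper can compare the live driver in system32\drivers against the copies in dllcache or ServicePackFiles (patching atapi.sys or iastor.sys in place is how the TDSS family of rootkits hid itself around this time). Below is that cross-check written out as an added Python example; it is not part of the thread and not OldTimer's code. The directory layout and file contents are constructed in a temporary folder for the demo, and WATCHED is a hypothetical subset of the names in the scan list above.

```python
"""Cross-check every copy of a driver/DLL under a Windows tree by MD5.

Added example (not from the thread, not OTL's code). Same idea as OTL's
/md5start block: list each copy of a watched file with its hash and flag
the names whose copies disagree, e.g. a system32\\drivers\\atapi.sys that
no longer matches the pristine copy in system32\\dllcache.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Hypothetical subset of the names in the OTL scan list above.
WATCHED = ["atapi.sys", "iastor.sys", "nvstor.sys", "eventlog.dll"]


def md5_file(path, chunk=65536):
    """MD5 of a file, read in chunks so large drivers don't load whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def collect_copies(root, names):
    """Map lower-cased file name -> [(path, md5), ...] for each copy under root."""
    wanted = {n.lower() for n in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                found[fn.lower()].append((p, md5_file(p)))
    return found


def find_mismatches(copies):
    """Names whose copies do not all share one MD5, with every copy listed."""
    bad = {}
    for name, entries in copies.items():
        if len({md5 for _p, md5 in entries}) > 1:
            bad[name] = sorted(entries)
    return bad


def build_sample_tree(root):
    """Constructed sample: two pristine copies of each file, one patched atapi.sys."""
    clean = {n: (n + " clean bytes ").encode() * 8 for n in WATCHED}
    for sub in (("system32", "dllcache"), ("ServicePackFiles", "i386")):
        d = os.path.join(root, *sub)
        os.makedirs(d, exist_ok=True)
        for n, data in clean.items():
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
    live = os.path.join(root, "system32", "drivers")
    os.makedirs(live, exist_ok=True)
    for n, data in clean.items():
        if n == "atapi.sys":
            data = data[:-4] + b"EVIL"  # simulate an in-place patch of the live driver
        with open(os.path.join(live, n), "wb") as f:
            f.write(data)


def demo():
    """Build the sample tree, hash every copy, and return the mismatching names."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_mismatches(collect_copies(root, WATCHED))


if __name__ == "__main__":
    for name, entries in demo().items():
        print(name)
        for path, md5 in entries:
            print("   ", md5, path)
```

Two caveats a helper keeps in mind when reading the real OTL output: identical hashes across all copies do not prove a file is clean (a rootkit that filters disk reads, or that replaced every copy, passes this check, which is why GMER runs in Step Three), and a legitimate hotfix can also leave dllcache and drivers out of sync, so a mismatch is a prompt to compare against known-good hashes, not a verdict.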
Baggio
Hello again!

As you can see, I posted on the other board and they moved it back here. Thanks for offering to help again though. So, for the last three nights I've tried running the GMER scan: it was successful, but come time to save the log, my computer freezes! I've had to force down my computer and didn't want to do this anymore for fear of damaging the hard drive. Also, for the OTL scans, the second window with Extras never popped up, so nothing to save. Here is what I was able to get for you though...

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:39 on 20/04/2010 (MarkR)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
 

Baggio
OTL logfile created on: 4/20/2010 10:46:52 PM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\MarkR\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 5.62 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: MarkR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/20 17:20:43 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 17:20:35 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 08:41:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/31 00:01:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarkR\Desktop\OTL.exe
PRC - [2010/03/13 16:58:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 16:58:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 16:56:58 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:49:36 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/05/21 13:06:22 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/08/31 11:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/12/05 21:49:20 | 000,114,688 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2006/03/16 02:34:00 | 000,593,920 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/10 13:01:56 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2006/03/10 13:01:54 | 000,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/03/10 13:01:44 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/02/21 21:09:20 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/12/20 13:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005/12/20 13:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/11/02 01:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/03/17 15:06:14 | 000,059,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
PRC - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
PRC - [2002/03/08 04:02:56 | 000,900,096 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/31 00:01:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarkR\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2010/03/13 16:58:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/05/21 13:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/12/20 13:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2005/12/20 13:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 EC 0C 21 81 8D C9 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google Powered Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:4.002.023.004
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 22:43:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/03/20 00:56:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/21 22:29:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 21:33:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 20:19:54 | 000,000,000 | ---D | M]

[2009/02/17 18:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Extensions
[2010/04/20 19:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions
[2009/12/22 08:22:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/07 12:06:52 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/02/07 22:20:01 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\searchplugins\conduit.xml
[2010/04/20 19:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/09 12:02:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\MarkR\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MarkR\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MarkR\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/16 19:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/16 19:57:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
 

Baggio
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610416650092544)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/20 21:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Gang Starr - No More Mr. Nice Guy
[2010/04/20 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Guru JazzMatazz Vol 2
[2010/04/20 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Guru - JazzMatazz Vol. I
[2010/04/18 00:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Marcos Valle Celso Fonseca
[2010/04/16 23:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Lou Johnson
[2010/04/16 23:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Bobby Watson Present Tense
[2010/04/16 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Best Of
[2010/04/11 23:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Booker T MG's
[2010/04/11 00:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\New Folder
[2010/04/10 23:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Montreux
[2010/04/10 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Kindred Spirits
[2010/04/10 16:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Jimi Hendrix Best
[2010/04/10 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Beautiful Experience Live
[2010/04/10 15:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Eric Clapton Unplugged
[2010/04/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Stone
[2010/04/09 00:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Slippin In
[2010/04/08 01:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy JR Wells Play The Blues
[2010/04/07 23:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Skin Deep
[2010/04/07 21:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Eric Clapton
[2010/04/07 20:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy
[2010/04/02 19:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/24 22:18:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/24 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/24 22:18:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/12 23:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/08/12 23:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/08/12 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\temp
[2009/08/12 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\temp
[2008/04/25 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/12/28 00:41:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MarkR\Application Data\pcouffin.sys
[2007/10/23 21:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/10 13:49:59 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2010/04/20 22:43:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/20 22:43:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/20 22:43:38 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/20 22:42:19 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\MarkR\ntuser.dat
[2010/04/20 22:42:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MarkR\ntuser.ini
[2010/04/20 22:37:49 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\MarkR\defogger_reenable
[2010/04/20 22:32:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MarkR\Desktop\Defogger.exe
[2010/04/20 22:02:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\prvlcl.dat
[2010/04/20 17:20:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 17:20:32 | 059,094,882 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/15 20:20:02 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/15 20:16:27 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/15 19:47:43 | 000,001,400 | -HS- | M] () -- C:\Documents and Settings\MarkR\Application Data\systemHc.$dk

========== Files Created - No Company Name ==========

[2010/04/20 22:37:36 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\MarkR\defogger_reenable
[2010/04/20 22:32:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MarkR\Desktop\Defogger.exe
[2010/04/15 20:20:02 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/15 19:47:43 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\MarkR\Application Data\systemHc.$dk
[2009/10/29 17:06:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\prvlcl.dat
[2009/07/15 22:32:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/07/13 11:28:05 | 000,052,489 | ---- | C] () -- C:\WINDOWS\dcMillpresets.ini
[2008/05/10 00:55:25 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2008/04/22 19:47:48 | 000,000,348 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/07 23:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/12/28 00:41:58 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.log
[2007/12/28 00:41:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.cat
[2007/12/28 00:41:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.inf
[2007/12/09 20:24:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/02 21:36:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/07 21:06:27 | 000,001,426 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/21 20:53:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2007/10/19 18:46:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/08/05 05:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2007/03/10 13:53:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/03/10 13:50:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/03/10 13:49:53 | 000,009,953 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2007/03/08 21:22:06 | 000,000,273 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/11 22:41:37 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/11 01:57:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/16 05:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/03/24 15:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/24 12:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/24 12:48:53 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/24 12:48:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/24 12:48:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/24 12:48:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/16 21:27:01 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/16 20:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/16 20:41:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/16 20:41:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/16 20:41:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/16 20:41:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/16 20:41:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/16 20:41:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/16 20:11:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/16 20:03:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/16 18:42:24 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/12/20 19:45:26 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/12/20 19:44:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== LOP Check ==========

[2009/10/24 22:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/02 19:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/23 11:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/05 23:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/07/04 14:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/14 12:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/04 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/24 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/04 14:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/10/27 23:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/28 08:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/15 19:47:47 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MarkR\Application Data\.#
[2010/03/24 00:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Azureus
[2007/10/21 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\BitZipper
[2010/04/05 23:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Canneverbe Limited
[2009/08/29 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\com.adobe.ExMan
[2009/07/04 20:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\DeepBurner
[2008/05/21 01:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\GetRightToGo
[2007/12/16 15:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\ImgBurn
[2009/07/04 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\InfraRecorder
[2007/01/04 23:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\InterVideo
[2009/02/17 04:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\NCH Swift Sound
[2007/10/27 14:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\PPMate
[2007/05/14 00:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\PrettyMay
[2007/01/03 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Protector Suite
[2009/07/04 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\RipIt4Me
[2007/03/10 15:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Smart Recorder
[2009/04/12 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Thinstall
[2006/03/16 21:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\toshiba
[2009/07/04 14:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Uniblue
[2008/01/01 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Vso
[2009/07/05 23:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Yandex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2006/05/05 18:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/16 11:47:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/16 11:47:34 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/16 11:47:34 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/13 16:56:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/03/13 16:58:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/20 17:20:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
< End of report >
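The `< MD5 for: ... >` blocks in the OTL report above exist so the helper can compare every copy of a core system file (live driver, SP2 cab, dllcache, ReinstallBackups) against the others. This added example, which is not from the thread or from OTL, automates that comparison over constructed log lines in OTL's format; the ATAPI.SYS lines mirror the report, while EXAMPLE.SYS and its two hashes are made up so the check has a mismatch to flag:

```python
import re
from collections import defaultdict

# Constructed sample in OTL's '< MD5 for: X >' format. The ATAPI.SYS lines mirror
# the report above; EXAMPLE.SYS and its two hashes are made up to show a mismatch.
SAMPLE_LOG = """\
< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\SoftwareDistribution\\Download\\dd9ab5193501484cf5e6884fa1d22f9e\\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\\WINDOWS\\system32\\drivers\\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\\WINDOWS\\system32\\ReinstallBackups\\0005\\DriverFiles\\i386\\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2004/08/04 05:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\\WINDOWS\\system32\\dllcache\\example.sys
[2004/08/04 05:00:00 | 000,010,000 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\\WINDOWS\\system32\\drivers\\example.sys
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for each '< MD5 for: X >' block.
    Lines without an MD5 (the .cab container entries) are skipped."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line) if current else None
        if entry:
            sections[current].append({
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(sections)

def find_mismatches(sections):
    """Copies of one file with identical size but different MD5 cannot both be
    the same build; report each such group with the paths behind every hash."""
    findings = []
    for name, entries in sections.items():
        by_size = defaultdict(lambda: defaultdict(list))
        for e in entries:
            by_size[e["size"]][e["md5"]].append(e["path"])
        for size, hashes in by_size.items():
            if len(hashes) > 1:
                findings.append({"name": name, "size": size, "hashes": dict(hashes)})
    return findings

def drivers_without_company(sections):
    """Driver copies OTL printed with an empty '()' company field, i.e. no
    version resource, which a Microsoft driver on disk should always carry."""
    return [e["path"] for entries in sections.values() for e in entries
            if not e["company"] and "\\drivers\\" in e["path"].lower()]
```

Feed the text of a real OTL report to `parse_md5_sections` and then to `find_mismatches`; a group of same-sized copies with more than one hash is the case worth a closer look.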
 
Joined
Jul 13, 2008
Messages
132
You're currently running AVG, but previously had installed Avira and Norton -- is this correct?

Your logs still look alright. But we might as well make sure that there is not a speck of dust.

Download avz4.zip from HERE

  1. Unzip it to your desktop to a folder named avz4
  2. Double click on AVZ.exe to run it.
  3. Run an update by clicking the Auto Update button on the Right of the Log window:
  4. Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again



  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  3. Click on the "Execute selected scripts".
  4. Automatic scanning, healing and system check will be executed.
  5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  7. All applications will work properly after the system restart.


When restarted


  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  3. Click on the "Execute selected scripts".
  4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.


Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file:
  • Click Reply ("Go Advanced")
  • Under Additional Options, click Manage Attachments
  • Under Upload File from your Computer, click Browse...
  • On the left (or via drop-down menu) select Desktop
  • Then click the OTS text file to highlight, and click Open
  • Next to the Browse... button, click Upload
  • Allow time to upload, then close the window
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Hi!

So I kind of got suspicious with my browser (firefox). Decided to uninstall this and set Safari as my browser going forward. It has been 1 day now and no problems. Do you think this may have been the cause of all my problems? The initial browser was damaged due to the virus?
 
Joined
Jul 13, 2008
Messages
132
I can't see it being the problem. Perhaps I misunderstood your problems. Were they only happening within the browser? The only thing I can see affecting anything outside the browser, would be a continuing process of Firefox eating up resources. Of course, a reboot would kill it.

Run the computer for 24-48 hours and let me know if anything changes. Scrap AVZ and do the following:

Please re-open Malwarebytes' Anti-Malware.
  • Click the Update tab, and then click Check for Updates.
  • After updating, click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
So far so good. Looks like it may have just been the browser that was damaged all along. Here is my new log...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/29/2010 6:27:09 PM
mbam-log-2010-04-29 (18-27-09).txt

Scan type: Quick scan
Objects scanned: 125855
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Joined
Jul 13, 2008
Messages
132
Well.. I guess all is well after all.

You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.


System Restore
System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten in the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:
  • Open OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.
  • You may or may not be asked to reboot. In any case, I don't need the log that follows.




Removal of Removal-Tools
This is to make sure that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.

  • Open OTL.
  • In the top right corner will be a button called "Clean Up!"; click it.
  • Follow any prompts, and reboot when prompted.
  • OTL will be gone on startup also. Delete any logs or leftover tools manually.



Windows Updates
You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things like bugs and vulnerabilities which could lead to infection.

Go to Tools > Windows Update, within Internet Explorer
  • Click Express. It will check for updates for your computer.
  • Click Install Updates. A window should pop up giving the status of each update.
  • Reboot when prompted.


If you're feeling lazy you can turn on Automatic Updates which will do the work for you.
  • Click Start, then Control Panel
  • Click Automatic Updates
  • Check Automatic (Recommended)
  • Ok your way out.


More information about Windows Updates and clear configuration instructions can be found here.




Prevention Programs and Practices
  • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:
  • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.

  • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.

  • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:


Glad I could help, piano9playa5 :cheers:
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Great, followed all your last instructions. Thanks so much for bearing with me and all your help!
 
Joined
Sep 8, 2005
Messages
9,113
Baggio,

piano9playa5 is away for a week. I will be assisting you. How is everything now?
 