
Need Help:(

Discussion in 'Virus & Other Malware Removal' started by Baggio, Apr 10, 2010.

  1. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hi there,

    Coming over from the other board. Caught a pretty bad virus by clicking on a msn messenger link - with the help of a very nice fellow from here we managed to get rid of all the malware remnants. We've run follow-up scans with OTL to ensure that all is well and that I haven't been re-infected. Unfortunately, my computer is still running badly and he suggested I post here for help.

    There is significant slowness when on the internet, my windows, whether on the internet or not, regularly freeze, my right click options often don't work (don't load), I can't scroll on my own tool bar or the various sites that I visit, can't watch/stream videos online like I used to, can't close my windows and often have to resort to Ctrl/Alt/Delete to close everything, can't scroll period...

    As you can see, a long list, and not sure where to go from here! Any help would be greatly appreciated...
     
  2. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hiya,

    Posted this last week. Can anybody help?

    Thnx,
    b
     
  3. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    Not exactly what I meant for you to do.. No worries though, we'll give it another go. :) If you already have these tools, delete them and download new copies. Updates have come out since you were last assisted.

    Step № One
    Please download DeFogger to your desktop.
    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.
    Step № Two
    Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      nvraid.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
    • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.



    Step № Three
    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.



    Logs&Info
    Remember to post back the following logs:
    1. defogger_disable
    2. OTL.txt
    3. Results.log
     
  4. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hello again!

    As you can see, I posted on the other board and they moved it back here. Thanks for offering to help again though. So, for the last three nights I've tried running the GMER scan - it was successful, but come time to save the log my computer freezes! I've had to force down my computer and didn't want to do this anymore for fear of damaging the hard drive. Also, for the OTL scans, the second window with Extras never popped up so there was nothing to save. Here is what I was able to get for you though...

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 22:39 on 20/04/2010 (MarkR)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...
    SPTD -> Already disabled


    -=E.O.F=-
     
  5. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    OTL logfile created on: 4/20/2010 10:46:52 PM - Run 5
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\MarkR\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 5.62 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOSHIBA-USER
    Current User Name: MarkR
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/20 17:20:43 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/04/20 17:20:35 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/04/02 08:41:37 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/31 00:01:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarkR\Desktop\OTL.exe
    PRC - [2010/03/13 16:58:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/13 16:58:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/13 16:56:58 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/05/21 13:49:36 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2009/05/21 13:06:22 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2007/08/31 11:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2006/12/05 21:49:20 | 000,114,688 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    PRC - [2006/03/16 02:34:00 | 000,593,920 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
    PRC - [2006/03/10 13:01:56 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
    PRC - [2006/03/10 13:01:54 | 000,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2006/03/10 13:01:44 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2006/02/21 21:09:20 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    PRC - [2005/12/20 13:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2005/12/20 13:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2005/11/02 01:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2005/03/17 15:06:14 | 000,059,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    PRC - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    PRC - [2002/03/08 04:02:56 | 000,900,096 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/03/31 00:01:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarkR\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9)
    SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9)
    SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - [2010/03/13 16:58:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2009/05/21 13:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/12/20 13:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2005/12/20 13:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/01/17 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 EC 0C 21 81 8D C9 01 [binary data]
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Google Powered Search"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
    FF - prefs.js..extensions.enabledItems: [email protected]:4.002.023.004
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 22:43:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/03/20 00:56:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/21 22:29:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 21:33:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 20:19:54 | 000,000,000 | ---D | M]

    [2009/02/17 18:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Extensions
    [2010/04/20 19:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions
    [2009/12/22 08:22:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/02/07 12:06:52 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/02/07 22:20:01 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\MarkR\Application Data\Mozilla\Firefox\Profiles\i76h7hqu.default\searchplugins\conduit.xml
    [2010/04/20 19:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2009/08/09 12:02:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe File not found
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
    O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\MarkR\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\MarkR\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MarkR\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/16 19:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/03/16 19:57:27 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: SSHNAS - File not found
     
  6. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16610416650092544)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/20 21:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Gang Starr - No More Mr. Nice Guy
    [2010/04/20 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Guru JazzMatazz Vol 2
    [2010/04/20 21:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Guru - JazzMatazz Vol. I
    [2010/04/18 00:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Marcos Valle Celso Fonseca
    [2010/04/16 23:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Lou Johnson
    [2010/04/16 23:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Bobby Watson Present Tense
    [2010/04/16 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Best Of
    [2010/04/11 23:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Booker T MG's
    [2010/04/11 00:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\New Folder
    [2010/04/10 23:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Montreux
    [2010/04/10 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Kindred Spirits
    [2010/04/10 16:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Jimi Hendrix Best
    [2010/04/10 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Prince Beautiful Experience Live
    [2010/04/10 15:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Eric Clapton Unplugged
    [2010/04/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Stone
    [2010/04/09 00:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Slippin In
    [2010/04/08 01:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy JR Wells Play The Blues
    [2010/04/07 23:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Skin Deep
    [2010/04/07 21:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy Eric Clapton
    [2010/04/07 20:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarkR\My Documents\Buddy Guy
    [2010/04/02 19:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/10/24 22:18:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/10/24 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/10/24 22:18:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/08/12 23:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
    [2009/08/12 23:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2009/08/12 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\temp
    [2009/08/12 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\temp
    [2008/04/25 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2007/12/28 00:41:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MarkR\Application Data\pcouffin.sys
    [2007/10/23 21:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/03/10 13:49:59 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 14 Days ==========

    [2010/04/20 22:43:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/20 22:43:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/20 22:43:38 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/20 22:42:19 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\MarkR\ntuser.dat
    [2010/04/20 22:42:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MarkR\ntuser.ini
    [2010/04/20 22:37:49 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\MarkR\defogger_reenable
    [2010/04/20 22:32:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MarkR\Desktop\Defogger.exe
    [2010/04/20 22:02:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\prvlcl.dat
    [2010/04/20 17:20:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/04/20 17:20:32 | 059,094,882 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/15 20:20:02 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/15 20:16:27 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/04/15 19:47:43 | 000,001,400 | -HS- | M] () -- C:\Documents and Settings\MarkR\Application Data\systemHc.$dk

    ========== Files Created - No Company Name ==========

    [2010/04/20 22:37:36 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\MarkR\defogger_reenable
    [2010/04/20 22:32:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MarkR\Desktop\Defogger.exe
    [2010/04/15 20:20:02 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/15 19:47:43 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\MarkR\Application Data\systemHc.$dk
    [2009/10/29 17:06:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\prvlcl.dat
    [2009/07/15 22:32:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
    [2008/07/13 11:28:05 | 000,052,489 | ---- | C] () -- C:\WINDOWS\dcMillpresets.ini
    [2008/05/10 00:55:25 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
    [2008/04/22 19:47:48 | 000,000,348 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/01/07 23:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2007/12/28 00:41:58 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.log
    [2007/12/28 00:41:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.cat
    [2007/12/28 00:41:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MarkR\Application Data\pcouffin.inf
    [2007/12/09 20:24:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2007/12/02 21:36:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/11/07 21:06:27 | 000,001,426 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/10/21 20:53:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
    [2007/10/19 18:46:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
    [2007/08/05 05:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
    [2007/03/10 13:53:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2007/03/10 13:50:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2007/03/10 13:49:53 | 000,009,953 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
    [2007/03/08 21:22:06 | 000,000,273 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/01/11 22:41:37 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\MarkR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/01/11 01:57:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/08/16 05:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/03/24 15:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/03/24 12:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2006/03/24 12:48:53 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/03/24 12:48:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/03/24 12:48:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/03/24 12:48:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/03/16 21:27:01 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/03/16 20:42:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/03/16 20:41:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/03/16 20:41:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/03/16 20:41:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/03/16 20:41:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/03/16 20:41:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/03/16 20:41:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/03/16 20:11:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/03/16 20:03:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/03/16 18:42:24 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2005/07/15 11:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/07/15 11:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/07/15 11:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/12/20 19:45:26 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/12/20 19:44:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

    ========== LOP Check ==========

    [2009/10/24 22:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/04/02 19:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/12/23 11:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/04/05 23:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2009/07/04 14:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2009/06/14 12:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/07/04 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/24 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/07/04 14:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    [2009/10/27 23:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/28 08:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/04/15 19:47:47 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MarkR\Application Data\.#
    [2010/03/24 00:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Azureus
    [2007/10/21 20:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\BitZipper
    [2010/04/05 23:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Canneverbe Limited
    [2009/08/29 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\com.adobe.ExMan
    [2009/07/04 20:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\DeepBurner
    [2008/05/21 01:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\GetRightToGo
    [2007/12/16 15:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\ImgBurn
    [2009/07/04 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\InfraRecorder
    [2007/01/04 23:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\InterVideo
    [2009/02/17 04:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\NCH Swift Sound
    [2007/10/27 14:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\PPMate
    [2007/05/14 00:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\PrettyMay
    [2007/01/03 22:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Protector Suite
    [2009/07/04 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\RipIt4Me
    [2007/03/10 15:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Smart Recorder
    [2009/04/12 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Thinstall
    [2006/03/16 21:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\toshiba
    [2009/07/04 14:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Uniblue
    [2008/01/01 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Vso
    [2009/07/05 23:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarkR\Application Data\Yandex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2006/05/05 18:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/03/16 11:47:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/03/16 11:47:34 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/03/16 11:47:34 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/03/13 16:56:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
    [2010/03/13 16:58:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
    [2010/04/20 17:20:35 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
    [2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
    < End of report >
     
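The `< MD5 for: ... >` blocks in the OTL log above are the part of the report worth reading by hand: for each named system file OTL lists every copy it can find (the live copy under system32, plus backups in dllcache, ReinstallBackups and the Windows Update download cache) with size and MD5, so a live driver that has been patched in place shows up as a copy whose size matches a backup but whose hash does not. The script below is an added example, not OTL's own code, that parses those blocks and applies that rule. The ATAPI.SYS, NETLOGON.DLL and SCECLI.DLL records are copied from the log in this thread; the EXAMPLE.SYS block is constructed (placeholder hash) to show what a flagged entry looks like.

```python
"""Audit the '< MD5 for: NAME >' sections of an OTL log.

Rule: the live copy under \\WINDOWS\\system32 is 'ok' if any reference
copy (dllcache, ReinstallBackups, SoftwareDistribution, ...) has the same
size AND the same MD5; 'suspicious' if a same-size reference exists but
none shares the hash (in-place patch); 'unverified' if no same-size
reference is listed (a different file version, nothing to compare).
"""
import hashlib
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d/]+) (?P<time>[\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<mc>[MC])\]"
    r" \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Directories that hold known-good backup copies rather than the live file.
REFERENCE_DIRS = ("\\dllcache\\", "\\reinstallbackups\\", "\\softwaredistribution\\",
                  "\\servicepackfiles\\", "\\driver cache\\")

# Records from the thread's log; EXAMPLE.SYS is CONSTRUCTED for illustration.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: EXAMPLE.SYS >
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\example.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\example.sys
"""


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        if line.startswith("<"):          # any other custom-scan header ends the block
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current is None or not entry:  # blank lines and .cab lines (no MD5) are skipped
            continue
        sections[current].append({
            "size": int(entry["size"].replace(",", "")),
            "md5": entry["md5"].upper(),
            "path": entry["path"],
            "company": entry["company"],
        })
    return dict(sections)


def role(path):
    """'reference' for backup locations, 'live' for the system32 copy, else 'other'."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if "\\windows\\system32\\" in p:
        return "live"
    return "other"                        # e.g. a third-party DLL with the same name


def classify(entries):
    live = [e for e in entries if role(e["path"]) == "live"]
    refs = [e for e in entries if role(e["path"]) == "reference"]
    if not live:
        return "no-live-copy"
    l = live[0]
    same_size = [r for r in refs if r["size"] == l["size"]]
    if any(r["md5"] == l["md5"] for r in same_size):
        return "ok"
    if same_size:
        return "suspicious"               # same size, different content: patched in place
    return "unverified"


def audit(text):
    return {name: classify(entries) for name, entries in parse_md5_sections(text).items()}


def md5_of_file(path, chunk=1 << 20):
    """Recompute the MD5 OTL reports, for re-checking a file on disk by hand."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for name, status in audit(SAMPLE_LOG).items():
        print(f"{name:14s} {status}")
```

Run it against the thread's own section and every real entry comes back `ok` or `unverified` (SCECLI.DLL has only a larger SP3 copy in the update cache, so there is nothing to compare it with); only the constructed EXAMPLE.SYS is flagged. Note the rule deliberately ignores a same-size reference with a different hash when another reference does match (NETLOGON.DLL), since the update cache legitimately holds a newer build.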
  7. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    You're currently running AVG, but previously had installed Avira and Norton -- is this correct?

    Your logs still look alright. But we might as well make sure that there is not a speck of dust.

    Download avz4.zip from HERE

    1. Unzip it to your desktop to a folder named avz4
    2. Double click on AVZ.exe to run it.
    3. Run an update by clicking the Auto Update button on the right of the Log window
    4. Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again



    1. Start AVZ.
    2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    3. Click on the “Execute selected scripts”.
    4. Automatic scanning, healing and system check will be executed.
    5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
    6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
    7. All applications will work properly after the system restart.


    When restarted


    1. Start AVZ.
    2. Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
    3. Click on the "Execute selected scripts".
    4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.


    Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

    To attach a file:
    • Click Reply ("Go Advanced")
    • Under Additional Options, click Manage Attachments
    • Under Upload File from your Computer, click Browse...
    • On the left (or via drop-down menu) select Desktop
    • Then click the OTS text file to highlight, and click Open
    • Next to the Browse... button, click Upload
    • Allow time to upload, then close the window
     
  8. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hi!

    So I kind of got suspicious with my browser (firefox). Decided to uninstall this and set Safari as my browser going forward. It has been 1 day now and no problems. Do you think this may have been the cause of all my problems? The initial browser was damaged due to the virus?
     
  9. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    I can't see it being the problem. Perhaps I misunderstood your problems. Were they only happening within the browser? The only thing I can see affecting anything outside the browser, would be a continuing process of Firefox eating up resources. Of course, a reboot would kill it.

    Run the computer for 24-48 hours and let me know if anything changes. Scrap AVZ and do the following:

    Please re-open Malwarebytes' Anti-Malware.
    • Click the Update tab, and then click Check for Updates.
    • After updating, click the Scanner tab.
    • Select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
     
  10. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    So far so good. Looks like it may have just been the browser that was damaged all along. Here is my new log...


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.11

    4/29/2010 6:27:09 PM
    mbam-log-2010-04-29 (18-27-09).txt

    Scan type: Quick scan
    Objects scanned: 125855
    Time elapsed: 8 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  11. piano9playa5

    piano9playa5

    Joined:
    Jul 13, 2008
    Messages:
    132
    Well.. I guess all is well after all.

    You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.


    System Restore
    System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten into the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:
    • Open OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      Code:
      :commands
      [CLEARALLRESTOREPOINTS]
    • Then click the Run Fix button at the top.
    • You may or may not be asked to reboot. In any case, I don't need the log that follows.




    Removal of Removal-Tools
    This is to make sure that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.

    • Open OTL.
    • In the top right corner will be a button called "Clean Up!"; click it.
    • Follow any prompts, and reboot when prompted.
    • OTL will be gone on startup also. Delete any logs or leftover tools manually.



    Windows Updates
    You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important for fixing things like bugs and vulnerabilities which could lead to infection.

    Go to Tools > Windows Update, within Internet Explorer
    • Click Express. It will check for updates for your computer.
    • Click Install Updates. A window should pop up giving the status of each update.
    • Reboot when prompted.


    If you're feeling lazy you can turn on Automatic Updates which will do the work for you.
    • Click Start, then Control Panel
    • Click Automatic Updates
    • Check Automatic (Recommended)
    • Ok your way out.


    More information about Windows Updates and clear configuration instructions can be found here.




    Prevention Programs and Practices
    • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scan with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:
    • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.

    • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.

    • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:


    Glad I could help, piano9playa5 :cheers:
     
  12. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Great, followed all your last instructions. Thanks so much for bearing with me and all your help!
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Baggio,

    piano9playa5 is away for a week. I will be assisting you. How is everything now?
     
Short URL to this thread: https://techguy.org/916094