24 replies to this topic

[Flatiron]

A friends PC.
Boot into Windows and too many pop ups to do anything.
Out of date antivirus. Live One Care or something like that.

Went into safe mode with networking and managed to download MBAM.

FIRST run

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4466

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/23/2010 1:12:25 PM
mbam-log-2010-08-23 (13-12-25).txt

Scan type: Quick scan
Objects scanned: 137363
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus[1] (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpqintntlibrary (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\versiondynamic (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setuplauncher (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\installshieldlauncher (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wtgutilsmodule (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\452ZX275\antivirus[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\hewlett-packard\digital imaging\Unload\hpqunsetrepository.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\installshield installation information\pc-doctor\diagnostics\launchersetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\wildtangent\Games\gamechannel\space rocks\installerwtinstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\m.21AD.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E1S84O0Z\antivirus[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GV1SDMCC\antivirus[2].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Desktop Security\securitycenter.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Desktop Security\securityhelper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Desktop Security\taskmgr.dll (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\17dkf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\472a10e2ebxd9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\alerfa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\backd-efq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\cunifuc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\dd10x10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\dkfjd93.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ds7hw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\eelnvd13.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\eephilpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\gedx_ae09.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\gpupz2a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\hhbboll_2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\hodeme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\hvipws9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\jdhellwo3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\kilslmd.exex (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\kjdh_gf_jjdhgd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\lorsk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\pswwg3c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\qwedvor.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrcud12.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Second run in Windows

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4466

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/23/2010 1:33:42 PM
mbam-log-2010-08-23 (13-33-42).txt

Scan type: Quick scan
Objects scanned: 138100
Time elapsed: 15 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ot2shrurfcsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Broni]

You must complete all steps listed here: http://www.smartestc...ease-read-this/
If you have any problem with a particular step, let me know.
Start with uninstalling OneCare and installing one of AV programs listed at my link.
After installation, run full scan.

[Flatiron]

Uninstalled One Care & installed Avira



Avira AntiVir Personal
Report file date: Monday, August 23, 2010 15:29

Scanning for 2739575 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : YOUR-6JNHHU0520

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:26:59
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:27:06
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:27:19
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:27:19
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:27:19
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:27:19
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:27:19
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:27:20
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:27:20
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:27:23
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:27:24
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:27:24
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 20:27:25
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 20:27:25
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 20:27:26
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 20:27:26
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 20:27:27
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 20:27:27
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 20:27:28
VBASE024.VDF : 7.10.10.247 2048 Bytes 8/23/2010 20:27:28
VBASE025.VDF : 7.10.10.248 2048 Bytes 8/23/2010 20:27:28
VBASE026.VDF : 7.10.10.249 2048 Bytes 8/23/2010 20:27:28
VBASE027.VDF : 7.10.10.250 2048 Bytes 8/23/2010 20:27:28
VBASE028.VDF : 7.10.10.251 2048 Bytes 8/23/2010 20:27:28
VBASE029.VDF : 7.10.10.252 2048 Bytes 8/23/2010 20:27:29
VBASE030.VDF : 7.10.10.253 2048 Bytes 8/23/2010 20:27:29
VBASE031.VDF : 7.10.11.1 30208 Bytes 8/23/2010 20:27:29
Engineversion : 8.2.4.38
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/23/2010 20:27:40
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/23/2010 20:27:39
AESCN.DLL : 8.1.6.1 127347 Bytes 8/23/2010 20:27:38
AESBX.DLL : 8.1.3.1 254324 Bytes 8/23/2010 20:27:40
AERDL.DLL : 8.1.8.2 614772 Bytes 8/23/2010 20:27:38
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/23/2010 20:27:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/23/2010 20:27:36
AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/23/2010 20:27:36
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/23/2010 20:27:32
AEGEN.DLL : 8.1.3.19 393587 Bytes 8/23/2010 20:27:32
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/23/2010 20:27:31
AECORE.DLL : 8.1.16.2 192887 Bytes 8/23/2010 20:27:31
AEBB.DLL : 8.1.1.0 53618 Bytes 8/23/2010 20:27:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, August 23, 2010 15:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcmdmgr.exe' - '1' Module(s) have been scanned
Scan process 'S3tray2.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'hpqcmon.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\Documents and Settings\Owner\Application Data\Desktop Security\Desktop Security 2010.exe
[DETECTION] Is the TR/FakeAV.ldi.2 Trojan

The registry was scanned ( '353' files ).


Beginning disinfection:
C:\Documents and Settings\Owner\Application Data\Desktop Security\Desktop Security 2010.exe
[DETECTION] Is the TR/FakeAV.ldi.2 Trojan
[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop Security> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '46777fb1.qua'.


End of the scan: Monday, August 23, 2010 15:32
Used time: 00:54 Minute(s)

The scan has been done completely.

0 Scanned directories
822 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
821 Files not concerned
3 Archives were scanned
0 Warnings
1 Notes



Avira AntiVir Personal
Report file date: Monday, August 23, 2010 17:06

Scanning for 2739575 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-6JNHHU0520

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:26:59
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:27:06
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:27:19
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:27:19
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:27:19
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:27:19
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:27:19
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:27:20
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:27:20
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:27:23
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:27:24
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:27:24
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 20:27:25
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 20:27:25
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 20:27:26
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 20:27:26
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 20:27:27
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 20:27:27
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 20:27:28
VBASE024.VDF : 7.10.10.247 2048 Bytes 8/23/2010 20:27:28
VBASE025.VDF : 7.10.10.248 2048 Bytes 8/23/2010 20:27:28
VBASE026.VDF : 7.10.10.249 2048 Bytes 8/23/2010 20:27:28
VBASE027.VDF : 7.10.10.250 2048 Bytes 8/23/2010 20:27:28
VBASE028.VDF : 7.10.10.251 2048 Bytes 8/23/2010 20:27:28
VBASE029.VDF : 7.10.10.252 2048 Bytes 8/23/2010 20:27:29
VBASE030.VDF : 7.10.10.253 2048 Bytes 8/23/2010 20:27:29
VBASE031.VDF : 7.10.11.1 30208 Bytes 8/23/2010 20:27:29
Engineversion : 8.2.4.38
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/23/2010 20:27:40
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/23/2010 20:27:39
AESCN.DLL : 8.1.6.1 127347 Bytes 8/23/2010 20:27:38
AESBX.DLL : 8.1.3.1 254324 Bytes 8/23/2010 20:27:40
AERDL.DLL : 8.1.8.2 614772 Bytes 8/23/2010 20:27:38
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/23/2010 20:27:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/23/2010 20:27:36
AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/23/2010 20:27:36
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/23/2010 20:27:32
AEGEN.DLL : 8.1.3.19 393587 Bytes 8/23/2010 20:27:32
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/23/2010 20:27:31
AECORE.DLL : 8.1.16.2 192887 Bytes 8/23/2010 20:27:31
AEBB.DLL : 8.1.1.0 53618 Bytes 8/23/2010 20:27:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_a7c863ee\guard_slideup.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, August 23, 2010 17:06

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'wcmdmgr.exe' - '1' Module(s) have been scanned
Scan process 'S3tray2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'hpqcmon.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Owner\My Documents\My Pictures\antivirus.exe'
C:\Documents and Settings\Owner\My Documents\My Pictures\antivirus.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan

Beginning disinfection:
C:\Documents and Settings\Owner\My Documents\My Pictures\antivirus.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fd055cb.qua'.


End of the scan: Monday, August 23, 2010 17:06
Used time: 00:01 Minute(s)

The scan has been done completely.

0 Scanned directories
35 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
34 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes



Avira AntiVir Personal
Report file date: Monday, August 23, 2010 15:46

Scanning for 2739575 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-6JNHHU0520

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:26:59
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:27:06
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:27:19
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:27:19
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:27:19
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:27:19
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:27:19
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:27:20
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:27:20
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:27:23
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:27:24
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:27:24
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 20:27:25
VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 20:27:25
VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 20:27:26
VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 20:27:26
VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 20:27:27
VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 20:27:27
VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 20:27:28
VBASE024.VDF : 7.10.10.247 2048 Bytes 8/23/2010 20:27:28
VBASE025.VDF : 7.10.10.248 2048 Bytes 8/23/2010 20:27:28
VBASE026.VDF : 7.10.10.249 2048 Bytes 8/23/2010 20:27:28
VBASE027.VDF : 7.10.10.250 2048 Bytes 8/23/2010 20:27:28
VBASE028.VDF : 7.10.10.251 2048 Bytes 8/23/2010 20:27:28
VBASE029.VDF : 7.10.10.252 2048 Bytes 8/23/2010 20:27:29
VBASE030.VDF : 7.10.10.253 2048 Bytes 8/23/2010 20:27:29
VBASE031.VDF : 7.10.11.1 30208 Bytes 8/23/2010 20:27:29
Engineversion : 8.2.4.38
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/23/2010 20:27:40
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/23/2010 20:27:39
AESCN.DLL : 8.1.6.1 127347 Bytes 8/23/2010 20:27:38
AESBX.DLL : 8.1.3.1 254324 Bytes 8/23/2010 20:27:40
AERDL.DLL : 8.1.8.2 614772 Bytes 8/23/2010 20:27:38
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/23/2010 20:27:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/23/2010 20:27:36
AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/23/2010 20:27:36
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/23/2010 20:27:32
AEGEN.DLL : 8.1.3.19 393587 Bytes 8/23/2010 20:27:32
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/23/2010 20:27:31
AECORE.DLL : 8.1.16.2 192887 Bytes 8/23/2010 20:27:31
AEBB.DLL : 8.1.1.0 53618 Bytes 8/23/2010 20:27:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, August 23, 2010 15:46

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '96' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'msmsgs.exe' - '42' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '50' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '25' Module(s) have been scanned
Scan process 'wcmdmgr.exe' - '45' Module(s) have been scanned
Scan process 'S3tray2.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'KBD.EXE' - '46' Module(s) have been scanned
Scan process 'hpqcmon.exe' - '26' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '26' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '13' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '351' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\Owner\My Documents\My Pictures\antivirus.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027214.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027215.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027216.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027221.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027222.exe
[DETECTION] Is the TR/FakeAV.LDI Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027223.dll
[DETECTION] Is the TR/Spy.83968.37 Trojan
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP277\A0027882.exe
[DETECTION] Is the TR/FakeAV.ldi.2 Trojan
C:\WINDOWS\SoftwareDistribution\Download\521f6da728839b8f5adae08abddc50f0\BIT82.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0000._p
[WARNING] The file could not be written!
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\npwthost.dll
[DETECTION] Is the TR/Spy.945.1 Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\npwthost.dll
[DETECTION] Is the TR/Spy.945.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '46ae5517.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP277\A0027882.exe
[DETECTION] Is the TR/FakeAV.ldi.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e727a70.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027223.dll
[DETECTION] Is the TR/Spy.83968.37 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c2d2099.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027222.exe
[DETECTION] Is the TR/FakeAV.LDI Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a1a6f5b.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027221.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2f9e4265.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027216.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '50857004.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027215.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c3d5c4e.qua'.
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP273\A0027214.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '60251c1e.qua'.
C:\Documents and Settings\Owner\My Documents\My Pictures\antivirus.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[WARNING] The file could not be copied to quarantine!
[WARNING] The file does not exist!
[NOTE] The file is scheduled for deleting after reboot.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: Monday, August 23, 2010 17:09
Used time: 1:07:14 Hour(s)

The scan has been done completely.

4766 Scanned directories
272501 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
272492 Files not concerned
18154 Archives were scanned
2 Warnings
9 Notes
253373 Objects were scanned with rootkit scan
0 Hidden objects were found

GMER would freeze. Tried in safe mode but resolution was so big I could not get to all the buttons. Sorry!

Waiting on next instructions.

[Broni]

Did you go to my link to see what else is missing?

[Flatiron]

I ran TFC.

I only get one text file from OLT.

OTL logfile created on: 8/24/2010 2:16:03 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

351.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 41.00% Memory free
852.00 Mb Paging File | 650.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 528 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.97 Gb Total Space | 22.47 Gb Free Space | 70.29% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.10 Gb Free Space | 20.81% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/23 14:34:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/02/25 05:33:14 | 000,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe
PRC - [2002/06/18 11:01:00 | 000,155,648 | ---- | M] (VERITAS Software, Inc.) -- C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
PRC - [2002/06/18 02:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/05/07 19:46:04 | 000,139,264 | ---- | M] (WildTangent, Inc.) -- C:\WINDOWS\wt\updater\wcmdmgr.exe
PRC - [2002/04/17 20:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 20:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 14:34:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/26 14:57:50 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/28 13:59:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/10/28 02:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/10/21 13:21:00 | 000,082,784 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/07/17 22:25:18 | 000,028,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2002/03/04 14:10:00 | 000,027,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.CenturyLink.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SecurityCenter] C:\Documents and Settings\Owner\Application Data\Desktop Security\securitycenter.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKLM..\RunServices: [antivirus[1]] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\452ZX275\antivirus[1].exe File not found
O4 - HKLM..\RunServices: [antivirus[2]] c:\documents and settings\owner\local settings\temporary internet files\content.ie5\e1s84o0z\antivirus[2].exe File not found
O4 - HKLM..\RunServices: [HpqIntntHpqUnSet] C:\program files\hewlett-packard\digital imaging\unload\hpqunsetrepository.exe File not found
O4 - HKLM..\RunServices: [SetupInstallShield] C:\program files\installshield installation information\pc-doctor\diagnostics\launchersetup.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237238589980 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237593603500 (MUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 97.81.22.195
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 12:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/23 20:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 20:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/08/23 17:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/23 16:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/23 15:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/23 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/08/23 15:25:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/23 15:25:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/23 15:25:06 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/23 15:25:06 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/23 15:25:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/23 15:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/23 15:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/23 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/08/23 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/08/23 14:34:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 14:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2010/08/23 13:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/23 12:54:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/23 12:54:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/23 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 12:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/26 19:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WeatherBug
[2010/06/26 19:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Files - Modified Within 90 Days ==========

[2010/08/24 14:13:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8158C364-9E82-453C-A6B1-1F1173FE0C14}.job
[2010/08/24 14:11:56 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/08/24 14:11:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 14:11:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 14:11:47 | 368,627,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 14:11:06 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/24 14:11:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/24 14:11:03 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/23 20:48:37 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/08/23 15:25:33 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/23 14:34:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 14:33:09 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\93bnxi11.exe
[2010/08/23 12:54:30 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 12:13:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 08:41:39 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 23:49:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 23:47:53 | 000,490,816 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 23:47:53 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 23:47:53 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/08/24 14:11:47 | 368,627,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 20:48:37 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/08/23 15:25:33 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/23 14:33:06 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\93bnxi11.exe
[2010/08/23 12:54:30 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2002/10/28 17:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 14:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 14:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 14:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 14:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 14:17:57 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 13:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 13:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 13:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 13:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 13:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 13:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 12:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 11:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/24 02:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/09/01 01:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 21:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll

========== LOP Check ==========

[2002/10/28 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2009/03/21 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2010/08/23 20:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2002/10/28 14:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/03/21 17:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape ISP Dialer
[2002/10/28 14:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2002/10/28 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2010/06/26 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2010/08/24 14:13:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8158C364-9E82-453C-A6B1-1F1173FE0C14}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/10/28 04:26:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/10/28 04:26:04 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/10/28 04:26:04 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

[Broni]

Fair enough...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=============================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  
  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

[Flatiron]

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 116):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7DC9000 \WINDOWS\system32\KDCOM.DLL
0xF7CD9000 \WINDOWS\system32\BOOTVID.dll
0xF787A000 ACPI.sys
0xF7DCB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7869000 pci.sys
0xF78C9000 isapnp.sys
0xF7DCD000 viaide.sys
0xF7B49000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF78D9000 MountMgr.sys
0xF784A000 ftdisk.sys
0xF7B51000 PartMgr.sys
0xF78E9000 VolSnap.sys
0xF7832000 atapi.sys
0xF78F9000 disk.sys
0xF7909000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7812000 fltmgr.sys
0xF7800000 sr.sys
0xF77EC000 drvmcdb.sys
0xF7919000 PxHelp20.sys
0xF77D5000 KSecDD.sys
0xF7748000 Ntfs.sys
0xF771B000 NDIS.sys
0xF7B59000 SISAGP.sys
0xF7B61000 viaagp1.sys
0xF7701000 Mup.sys
0xF7A69000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF7690000 \SystemRoot\System32\DRIVERS\s3gnbm.sys
0xF767C000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF75E7000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF7BC9000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7BD1000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF7BD9000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF75C3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7BE1000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A79000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7BE9000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF7D71000 \SystemRoot\system32\drivers\pfc.sys
0xF7A89000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7A99000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF75A0000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7348000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7324000 \SystemRoot\system32\drivers\portcls.sys
0xF7AA9000 \SystemRoot\system32\drivers\drmk.sys
0xF7BF1000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7AB9000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D79000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7310000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7AC9000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7BF9000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7D7D000 \SystemRoot\System32\DRIVERS\PS2.sys
0xF7C01000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7EFF000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7AD9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D81000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF72F9000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7AE9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7AF9000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7C09000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF72E8000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7B09000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7C11000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7C19000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7B39000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7DF9000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF71EA000 \SystemRoot\System32\DRIVERS\update.sys
0xF7D91000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7949000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7969000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7DFD000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7C29000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7DFF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F59000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E01000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7C39000 \SystemRoot\System32\drivers\vga.sys
0xF7E03000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E05000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7C41000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C49000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF76D9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5117000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF50BE000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5096000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5074000 \SystemRoot\System32\drivers\afd.sys
0xF7989000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5049000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4FD9000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF79A9000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4FB3000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF79B9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4F91000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7E0D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF4F45000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF79F9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF4F2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E0F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF516A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C89000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8006000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\s3gnb.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0940000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF0959000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF05E3000 \SystemRoot\system32\drivers\wdmaud.sys
0xF08B8000 \SystemRoot\system32\drivers\sysaudio.sys
0xF03D6000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7E7D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF01DE000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xF0037000 \SystemRoot\System32\DRIVERS\srv.sys
0xEFD11000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFA7D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 31):
0 System Idle Process
4 System
424 C:\WINDOWS\system32\smss.exe
480 csrss.exe
504 C:\WINDOWS\system32\winlogon.exe
548 C:\WINDOWS\system32\services.exe
560 C:\WINDOWS\system32\lsass.exe
720 C:\WINDOWS\system32\svchost.exe
784 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1072 svchost.exe
1220 C:\WINDOWS\explorer.exe
1280 C:\WINDOWS\system32\spoolsv.exe
1360 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1560 svchost.exe
1588 C:\WINDOWS\system\hpsysdrv.exe
1608 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1616 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
1624 C:\hp\KBD\kbd.exe
1728 C:\WINDOWS\system32\S3tray2.exe
1768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1784 C:\WINDOWS\wt\updater\wcmdmgr.exe
1800 C:\WINDOWS\system32\ctfmon.exe
1828 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
1840 C:\Program Files\Messenger\msmsgs.exe
176 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
352 C:\WINDOWS\system32\svchost.exe
1016 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
972 alg.exe
2428 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52486400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST340810A, Rev: 5.46

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7D48A7E764A5D83438A39192BFF3677448B54B84


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
---------------------------------
ComboFix 10-08-24.07 - Owner 08/24/2010 15:59:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.351.211 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
D:\Autorun.inf
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 01:48 . 2010-08-24 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-24 01:48 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-08-24 01:48 . 2010-08-24 01:49 -------- d-----w- c:\program files\SpywareBlaster
2010-08-23 20:46 . 2010-08-23 22:07 -------- d-----w- c:\windows\system32\NtmsData
2010-08-23 20:43 . 2010-08-23 20:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-08-23 20:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-23 20:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-23 20:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-23 20:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-23 20:25 . 2010-08-23 20:25 -------- d-----w- c:\program files\Avira
2010-08-23 20:25 . 2010-08-23 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-23 20:17 . 2010-08-23 20:17 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-23 20:17 . 2010-08-23 20:17 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-08-23 20:17 . 2010-08-23 20:17 -------- d-----w- c:\program files\MSECACHE
2010-08-23 18:15 . 2010-08-23 18:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-23 17:54 . 2010-08-23 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 18:45 . 2002-10-28 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-23 17:54 . 2010-08-23 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 17:54 . 2010-08-23 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-30 12:31 . 2002-11-13 17:43 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 00:18 . 2010-06-27 00:18 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2010-06-27 00:18 . 2010-06-27 00:18 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-06-24 12:22 . 2002-11-13 17:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-11-13 17:45 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-11-13 17:44 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-11-13 18:37 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-11-13 18:37 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-11-13 17:43 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 548933]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-09-09 114688]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"nwiz"="nwiz.exe" [2002-10-01 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-15 81920]
"S3TRAY2"="S3tray2.exe" [2003-02-25 69632]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2010 3:25 PM 135336]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{8158C364-9E82-453C-A6B1-1F1173FE0C14}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.CenturyLink.net/
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-SecurityCenter - c:\documents and settings\Owner\Application Data\Desktop Security\securitycenter.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 16:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-24 16:09:24
ComboFix-quarantined-files.txt 2010-08-24 21:09

Pre-Run: 24,020,721,664 bytes free
Post-Run: 23,998,894,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - ADC23D505E11E8113AECBA8E854F91DC

[Broni]

MBRCheck log doesn't look good...

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.

[Flatiron]

Sorry, got a phone call..

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7DC9000 \WINDOWS\system32\KDCOM.DLL
0xF7CD9000 \WINDOWS\system32\BOOTVID.dll
0xF787A000 ACPI.sys
0xF7DCB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7869000 pci.sys
0xF78C9000 isapnp.sys
0xF7DCD000 viaide.sys
0xF7B49000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF78D9000 MountMgr.sys
0xF784A000 ftdisk.sys
0xF7B51000 PartMgr.sys
0xF78E9000 VolSnap.sys
0xF7832000 atapi.sys
0xF78F9000 disk.sys
0xF7909000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7812000 fltmgr.sys
0xF7800000 sr.sys
0xF77EC000 drvmcdb.sys
0xF7919000 PxHelp20.sys
0xF77D5000 KSecDD.sys
0xF7748000 Ntfs.sys
0xF771B000 NDIS.sys
0xF7B59000 SISAGP.sys
0xF7B61000 viaagp1.sys
0xF7701000 Mup.sys
0xF7A69000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF7690000 \SystemRoot\System32\DRIVERS\s3gnbm.sys
0xF767C000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF75E7000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF7BC9000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7BD1000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF7BD9000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF75C3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7BE1000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A79000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7BE9000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF7D71000 \SystemRoot\system32\drivers\pfc.sys
0xF7A89000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7A99000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF75A0000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7348000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7324000 \SystemRoot\system32\drivers\portcls.sys
0xF7AA9000 \SystemRoot\system32\drivers\drmk.sys
0xF7BF1000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7AB9000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D79000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7310000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7AC9000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7BF9000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7D7D000 \SystemRoot\System32\DRIVERS\PS2.sys
0xF7C01000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7EFF000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7AD9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D81000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF72F9000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7AE9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7AF9000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7C09000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF72E8000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7B09000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7C11000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7C19000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7B39000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7DF9000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF71EA000 \SystemRoot\System32\DRIVERS\update.sys
0xF7D91000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7949000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7969000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7DFD000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7C29000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7DFF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F59000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E01000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7C39000 \SystemRoot\System32\drivers\vga.sys
0xF7E03000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E05000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7C41000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C49000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF76D9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5117000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF50BE000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5096000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5074000 \SystemRoot\System32\drivers\afd.sys
0xF7989000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5049000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4FD9000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF79A9000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4FB3000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF79B9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4F91000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7E0D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF4F45000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF79F9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF4F2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E0F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF516A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C89000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8006000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\s3gnb.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0940000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF0959000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF05E3000 \SystemRoot\system32\drivers\wdmaud.sys
0xF08B8000 \SystemRoot\system32\drivers\sysaudio.sys
0xF03D6000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7E7D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF01DE000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xF0037000 \SystemRoot\System32\DRIVERS\srv.sys
0xEFD11000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7BC1000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
0xF7E77000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF7BA1000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0xEFA7D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 31):
0 System Idle Process
4 System
424 C:\WINDOWS\system32\smss.exe
480 csrss.exe
504 C:\WINDOWS\system32\winlogon.exe
548 C:\WINDOWS\system32\services.exe
560 C:\WINDOWS\system32\lsass.exe
720 C:\WINDOWS\system32\svchost.exe
784 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
1072 svchost.exe
1280 C:\WINDOWS\system32\spoolsv.exe
1360 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1560 svchost.exe
1588 C:\WINDOWS\system\hpsysdrv.exe
1608 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1616 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
1624 C:\hp\KBD\kbd.exe
1728 C:\WINDOWS\system32\S3tray2.exe
1768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1784 C:\WINDOWS\wt\updater\wcmdmgr.exe
1800 C:\WINDOWS\system32\ctfmon.exe
1828 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
176 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
352 C:\WINDOWS\system32\svchost.exe
1016 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
972 alg.exe
1256 C:\WINDOWS\explorer.exe
632 C:\WINDOWS\system32\notepad.exe
224 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52486400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST340810A, Rev: 5.46

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7D48A7E764A5D83438A39192BFF3677448B54B84


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
-------------------------------
Gonna reboot and post another MBR.

[Broni]

:)

[Flatiron]

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7DC9000 \WINDOWS\system32\KDCOM.DLL
0xF7CD9000 \WINDOWS\system32\BOOTVID.dll
0xF787A000 ACPI.sys
0xF7DCB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7869000 pci.sys
0xF78C9000 isapnp.sys
0xF7DCD000 viaide.sys
0xF7B49000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF78D9000 MountMgr.sys
0xF784A000 ftdisk.sys
0xF7B51000 PartMgr.sys
0xF78E9000 VolSnap.sys
0xF7832000 atapi.sys
0xF78F9000 disk.sys
0xF7909000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7812000 fltmgr.sys
0xF7800000 sr.sys
0xF77EC000 drvmcdb.sys
0xF7919000 PxHelp20.sys
0xF77D5000 KSecDD.sys
0xF7748000 Ntfs.sys
0xF771B000 NDIS.sys
0xF7B59000 SISAGP.sys
0xF7B61000 viaagp1.sys
0xF7701000 Mup.sys
0xF7A89000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF7690000 \SystemRoot\System32\DRIVERS\s3gnbm.sys
0xF767C000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF75E7000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF7BC1000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7BC9000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF7BD1000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF75C3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7BD9000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A99000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7BE1000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF7D75000 \SystemRoot\system32\drivers\pfc.sys
0xF7AA9000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7AB9000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF75A0000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7373000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF734F000 \SystemRoot\system32\drivers\portcls.sys
0xF7AC9000 \SystemRoot\system32\drivers\drmk.sys
0xF7BE9000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7AD9000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D7D000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF733B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7AE9000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7BF1000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7D81000 \SystemRoot\System32\DRIVERS\PS2.sys
0xF7BF9000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7EFE000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7AF9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D85000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7324000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7B09000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7B19000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7C01000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7313000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7B29000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7C09000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7C11000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7B39000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7DFF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF728A000 \SystemRoot\System32\DRIVERS\update.sys
0xF7D95000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7949000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7989000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7E03000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7C21000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7E07000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F5D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E09000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7C39000 \SystemRoot\System32\drivers\vga.sys
0xF7E0B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7C41000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C49000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF76D9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5117000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF50BE000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5096000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5074000 \SystemRoot\System32\drivers\afd.sys
0xF79A9000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5049000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4FD9000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF79C9000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4FB3000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF79D9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4F91000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7E15000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF4F6D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7A29000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF4F2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E29000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF516A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C79000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8008000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\s3gnb.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0940000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF0938000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF05CB000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF05B6000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0868000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7E6B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF02AE000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xF00FF000 \SystemRoot\System32\DRIVERS\srv.sys
0xEFD52000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
420 C:\WINDOWS\system32\smss.exe
476 csrss.exe
500 C:\WINDOWS\system32\winlogon.exe
544 C:\WINDOWS\system32\services.exe
556 C:\WINDOWS\system32\lsass.exe
716 C:\WINDOWS\system32\svchost.exe
776 svchost.exe
848 C:\WINDOWS\system32\svchost.exe
912 svchost.exe
996 svchost.exe
1264 C:\WINDOWS\system32\spoolsv.exe
1272 C:\WINDOWS\explorer.exe
1328 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1456 svchost.exe
1596 C:\WINDOWS\system\hpsysdrv.exe
1616 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1624 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
1632 C:\hp\KBD\kbd.exe
1640 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
1732 C:\WINDOWS\system32\S3tray2.exe
1760 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1776 C:\WINDOWS\wt\updater\wcmdmgr.exe
1808 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2000 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
368 C:\WINDOWS\system32\svchost.exe
392 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1200 C:\WINDOWS\system32\wuauclt.exe
816 alg.exe
2312 wmiprvse.exe
3000 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52486400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST340810A, Rev: 5.46

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7D48A7E764A5D83438A39192BFF3677448B54B84


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

[Broni]

Unfortunately, our fix didn't work, so we'll have to use a different way....

Please download NTBR by noahdfear and save it to your Desktop.

• Place a blank CD in your CD drive.
  
• Double click on NTBR_CD.exe file and a folder of the same name will appear.
  
• Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  
• Follow the prompts to burn the CD.

• Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  
• If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

• Insert the newly created CD into your infected PC and reboot your computer.
  
• Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  
• Read the warning and then continue as prompted.
  
• You first need to select your keyboard layout - press Enter for English.
  
• Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  
• On the following screen enter 5 to select Install Standard MBR code.
  
• Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  
• When asked to confirm please do so.
  
• Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  
• Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted run MBRCheck one more time and let me have the log produced.

[Flatiron]

I'm disabled so it'll take some time to do this with no help. :)

[Broni]

No worries.
It may look complicated at first, but when you print it out and go step by step, I'm sure, you can do it.
Take your time :)

[Flatiron]

my brother-in-law just put his XP CD in and entered the the recovery console and fixed the MBR I believe.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7DC9000 \WINDOWS\system32\KDCOM.DLL
0xF7CD9000 \WINDOWS\system32\BOOTVID.dll
0xF787A000 ACPI.sys
0xF7DCB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7869000 pci.sys
0xF78C9000 isapnp.sys
0xF7DCD000 viaide.sys
0xF7B49000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF78D9000 MountMgr.sys
0xF784A000 ftdisk.sys
0xF7B51000 PartMgr.sys
0xF78E9000 VolSnap.sys
0xF7832000 atapi.sys
0xF78F9000 disk.sys
0xF7909000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7812000 fltmgr.sys
0xF7800000 sr.sys
0xF77EC000 drvmcdb.sys
0xF7919000 PxHelp20.sys
0xF77D5000 KSecDD.sys
0xF7748000 Ntfs.sys
0xF771B000 NDIS.sys
0xF7B59000 SISAGP.sys
0xF7B61000 viaagp1.sys
0xF7701000 Mup.sys
0xF7AB9000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF7448000 \SystemRoot\System32\DRIVERS\s3gnbm.sys
0xF7434000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF739F000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF7BC1000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7BC9000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
0xF7BD1000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF737B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7BD9000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7AC9000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7BE1000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF7D79000 \SystemRoot\system32\drivers\pfc.sys
0xF7AD9000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7AE9000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7358000 \SystemRoot\System32\DRIVERS\ks.sys
0xF712B000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7107000 \SystemRoot\system32\drivers\portcls.sys
0xF7AF9000 \SystemRoot\system32\drivers\drmk.sys
0xF7BE9000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7B09000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D81000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF70F3000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7B19000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7BF1000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7D85000 \SystemRoot\System32\DRIVERS\PS2.sys
0xF7BF9000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7EF5000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7B29000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D89000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF70DC000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7B39000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7949000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7C01000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF70CB000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7959000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7C09000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7C11000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7969000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7DF9000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7042000 \SystemRoot\System32\DRIVERS\update.sys
0xF7D99000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7979000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79A9000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7DFD000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7C29000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7E01000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F51000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E03000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7C39000 \SystemRoot\System32\drivers\vga.sys
0xF7E05000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E07000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7C41000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C49000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF748D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4ECF000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4E76000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4E4E000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4E2C000 \SystemRoot\System32\drivers\afd.sys
0xF79C9000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF4E01000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4D91000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF79E9000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4D6B000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF79F9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF4D49000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7E11000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF4D25000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF4CE5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E1F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4F26000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C79000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8005000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\s3gnb.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF06F8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF0719000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF0383000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF036E000 \SystemRoot\system32\drivers\wdmaud.sys
0xF04F0000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0084000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7E4B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF01EC000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEFEB5000 \SystemRoot\System32\DRIVERS\srv.sys
0xEFB2C000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
420 C:\WINDOWS\system32\smss.exe
476 csrss.exe
500 C:\WINDOWS\system32\winlogon.exe
544 C:\WINDOWS\system32\services.exe
556 C:\WINDOWS\system32\lsass.exe
720 C:\WINDOWS\system32\svchost.exe
776 svchost.exe
844 C:\WINDOWS\system32\svchost.exe
904 svchost.exe
1020 svchost.exe
1220 C:\WINDOWS\explorer.exe
1284 C:\WINDOWS\system32\spoolsv.exe
1332 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1444 svchost.exe
1588 C:\WINDOWS\system\hpsysdrv.exe
1608 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1616 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
1624 C:\hp\KBD\kbd.exe
1636 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
1732 C:\WINDOWS\system32\S3tray2.exe
1756 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1772 C:\WINDOWS\wt\updater\wcmdmgr.exe
1780 C:\WINDOWS\system32\ctfmon.exe
1824 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2012 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
196 C:\WINDOWS\system32\svchost.exe
672 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1520 C:\WINDOWS\system32\wuauclt.exe
668 alg.exe
3608 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52486400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST340810A, Rev: 5.46

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

[Broni]

Good job :)
Looks good :)

Let me check your Combofix log now....

[Flatiron]

I'm on my PC right now just to let you know it'll be in the morning before I'll be able to get on the other PC.
Folks around here go to bed early.:)

[Broni]

Combofix looks good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

===========================================================================

1. Update Malwarebytes, run "Quick scan" and post fresh log.
2. Run OTL "Quick scan" again and post fresh log as well.

[Broni]

No problem. Take your time :)

[Flatiron]

OK, maybe clean..:)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4475

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2010 9:58:52 AM
mbam-log-2010-08-25 (09-58-52).txt

Scan type: Quick scan
Objects scanned: 136883
Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------
OTL logfile created on: 8/25/2010 10:08:10 AM - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

351.00 Mb Total Physical Memory | 233.00 Mb Available Physical Memory | 66.00% Memory free
852.00 Mb Paging File | 649.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 528 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.97 Gb Total Space | 24.02 Gb Free Space | 75.13% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.10 Gb Free Space | 20.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 14:30:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/02/25 05:33:14 | 000,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe
PRC - [2002/06/18 02:11:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/05/07 19:46:04 | 000,139,264 | ---- | M] (WildTangent, Inc.) -- C:\WINDOWS\wt\updater\wcmdmgr.exe
PRC - [2002/04/17 20:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 20:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 14:30:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/26 14:57:50 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/10/28 13:59:22 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/10/28 02:01:48 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/10/21 13:21:00 | 000,082,784 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/07/17 22:25:18 | 000,028,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2002/03/04 14:10:00 | 000,027,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.CenturyLink.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/08/24 16:05:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237238589980 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237593603500 (MUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 97.81.22.195
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 12:36:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 16:23:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 16:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/24 15:56:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/24 15:53:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/24 14:30:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 20:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 20:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/08/23 17:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/23 16:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/23 15:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/23 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/08/23 15:25:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/23 15:25:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/23 15:25:06 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/23 15:25:06 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/23 15:25:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/23 15:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/23 15:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/23 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/08/23 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/08/23 14:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2010/08/23 13:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/23 12:54:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/23 12:54:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/23 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 12:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/26 19:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WeatherBug

========== Files - Modified Within 90 Days ==========

[2010/08/25 09:37:51 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/08/25 09:37:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 09:37:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 09:37:45 | 368,627,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 09:36:46 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/25 09:36:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/25 09:36:38 | 001,993,476 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/25 09:25:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8158C364-9E82-453C-A6B1-1F1173FE0C14}.job
[2010/08/24 16:05:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/24 16:05:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/24 15:56:59 | 000,000,270 | RHS- | M] () -- C:\boot.ini
[2010/08/24 15:36:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/24 14:30:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/23 20:48:37 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/08/23 15:25:33 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/23 12:54:30 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 12:13:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 08:41:39 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 23:49:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 23:47:53 | 000,490,816 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 23:47:53 | 000,434,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 23:47:53 | 000,068,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/08/24 15:56:59 | 000,000,201 | ---- | C] () -- C:\Boot.bak
[2010/08/24 15:56:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/24 15:36:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/24 14:11:47 | 368,627,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/23 20:48:37 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/08/23 15:25:33 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/23 12:54:30 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2002/10/28 17:48:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 14:31:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 14:29:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 14:29:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 14:18:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 14:17:57 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 13:42:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 13:34:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 13:31:05 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 13:23:47 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 13:23:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 13:23:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 12:40:15 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 11:23:12 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/24 02:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/09/01 01:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 21:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll

========== LOP Check ==========

[2002/10/28 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2009/03/21 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2010/08/23 20:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2002/10/28 14:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/03/21 17:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape ISP Dialer
[2002/10/28 14:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2002/10/28 13:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2010/08/25 09:25:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8158C364-9E82-453C-A6B1-1F1173FE0C14}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2009/03/16 17:01:03 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/16 20:18:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/10/28 04:26:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/10/28 04:26:04 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/10/28 04:26:04 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >