Problems after virus removal

#1
18928

  • Member
  • 41 posts
Hello guys, first of all I'm not a computer expert, so go easy on me. About a week ago, out of the blue, I got a message saying that I have a virus and it's scanning for problems, and everything on my desktop disappeared. After a couple of days of research I found out that I have a virus, and I ran "rkill" and "unhide" to show hidden files. Now the computer is still infected. Half of my desktop is gone, and so are applications on the "Start" menu. I want to back up the system, but all the restore points are gone, and even if I choose the one that is still there, the message pops up "Windows has detected file corruption on the C.... OS" (I can't remember the exact message). Secondly, Skype is messed up: I can't get it to stay for a second (it flashes and goes away). Every time I go on the internet, I get redirected multiple times.
I'm soooo frustrated; it's a pretty new computer (Dell).
Please help!!!

Edited by 18928, 05 June 2011 - 03:59 PM.


#2
18928

  • Topic Starter
  • Member
  • 41 posts
OTL logfile created on: 6/5/2011 11:50:52 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\asta\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 51.01% Memory free
6.48 Gb Paging File | 4.86 Gb Available in Paging File | 74.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.94 Gb Total Space | 189.56 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.76% Space Free | Partition Type: FAT32

Computer Name: ASTA-PC | User Name: asta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 11:49:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\asta\Desktop\OTL.scr
PRC - [2011/05/14 09:19:57 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 12:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 12:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/10/13 18:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2010/09/10 09:29:47 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/07/20 01:29:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/05/13 00:33:44 | 000,288,112 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/05 12:56:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
PRC - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
PRC - [2010/03/23 17:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/02/17 19:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/02/10 19:11:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
PRC - [2010/02/10 19:10:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
PRC - [2010/02/10 16:20:56 | 000,028,672 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe
PRC - [2010/02/09 17:14:56 | 000,228,352 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2010/02/09 17:07:22 | 001,275,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/02/02 20:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
PRC - [2010/02/02 09:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/02 09:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/02 09:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/15 13:41:28 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/14 17:53:48 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/14 15:47:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 11:49:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\asta\Desktop\OTL.scr
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/10 12:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/13 18:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/09/10 09:29:47 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2010/08/14 12:22:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
SRV - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
SRV - [2010/02/10 19:11:00 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
SRV - [2010/02/09 17:14:56 | 000,228,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)
SRV - [2010/02/02 20:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
SRV - [2010/02/02 09:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/01/15 13:41:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 15:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/25 22:44:13 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/13 00:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/16 23:41:02 | 009,935,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/05 12:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/21 15:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/03/21 15:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2010/03/21 15:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/02 09:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/01/28 11:25:04 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stdfltn.sys -- (stdflt)
DRV - [2010/01/14 15:47:22 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/10 13:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/11/03 17:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/10/26 16:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/14 12:29:54 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/09/17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/15 14:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/04/29 15:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.0.0
FF - prefs.js..keyword.URL: "http://mp3tubetoolba...bid=&Keywords="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 08:07:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011/05/26 11:19:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 21:30:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 23:11:14 | 000,000,000 | ---D | M]

[2011/03/13 20:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asta\AppData\Roaming\Mozilla\Extensions
[2011/03/13 20:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asta\AppData\Roaming\Mozilla\Firefox\Profiles\jdd79h3g.default\extensions
[2011/05/26 11:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 11:19:35 | 000,000,000 | ---D | M] (MP3Tube Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/06/03 08:07:59 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\HBLITE\BIN\11.0.363.0\FIREFOX\EXTENSIONS
[2011/05/26 11:19:18 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
[2011/05/26 11:19:40 | 000,001,211 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Mp3Tube Toolbar) - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - C:\Program Files\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\icf.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\icf.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\icf.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\icf.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\icf.dll (McAfee, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 11:49:12 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\asta\Desktop\OTL.scr
[2011/06/04 23:10:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/04 23:03:06 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Error Fix
[2011/06/04 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
[2011/05/31 08:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/28 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/26 11:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/26 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/26 11:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3Tube Toolbar
[2011/05/26 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\ShopperReports3
[2011/05/26 11:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\ShopperReports3
[2011/05/26 08:44:43 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\AVG
[2011/05/26 08:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/26 08:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/26 08:17:25 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\AVG10
[2011/05/26 08:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/26 08:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/05/26 08:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/25 20:25:02 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Malwarebytes
[2011/05/25 20:24:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 20:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 20:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 09:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/05/25 09:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/25 09:19:30 | 000,000,000 | ---D | C] -- C:\bc259d1509c64b8bda09048185
[2011/05/24 23:12:44 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 22:35:46 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Local\MigWiz
[2011/05/19 07:33:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/11 09:08:52 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 09:08:51 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 09:08:45 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 09:08:45 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/06/05 11:49:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\asta\Desktop\OTL.scr
[2011/06/05 11:34:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 11:33:32 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 11:33:32 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 11:30:26 | 117,270,103 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 11:27:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353683146-4250850509-2122086200-1000UA.job
[2011/06/05 11:25:09 | 000,000,000 | ---- | M] () -- C:\Users\asta\AppData\Local\WavXMapDrive.bat
[2011/06/05 11:24:59 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/06/05 11:24:57 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/06/05 11:24:53 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 11:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 11:24:23 | 2609,250,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 14:34:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353683146-4250850509-2122086200-1000Core.job
[2011/05/31 16:03:53 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/05/28 09:51:59 | 000,636,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/28 09:51:59 | 000,110,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/28 09:41:30 | 000,000,136 | ---- | M] () -- C:\ProgramData\~28368632r
[2011/05/28 09:41:30 | 000,000,104 | ---- | M] () -- C:\ProgramData\~28368632
[2011/05/28 09:41:24 | 000,000,352 | ---- | M] () -- C:\ProgramData\28368632
[2011/05/25 15:07:10 | 195,029,290 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/24 16:07:09 | 000,000,144 | ---- | M] () -- C:\ProgramData\~33545976r
[2011/05/24 16:07:09 | 000,000,112 | ---- | M] () -- C:\ProgramData\~33545976
[2011/05/24 16:06:47 | 000,000,344 | ---- | M] () -- C:\ProgramData\33545976

========== Files Created - No Company Name ==========

[2011/06/05 11:30:26 | 117,270,103 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/28 09:41:30 | 000,000,136 | ---- | C] () -- C:\ProgramData\~28368632r
[2011/05/28 09:41:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~28368632
[2011/05/28 09:41:24 | 000,000,352 | ---- | C] () -- C:\ProgramData\28368632
[2011/05/28 09:20:41 | 000,002,503 | ---- | C] () -- C:\Users\asta\Desktop\Skype.lnk
[2011/05/25 14:56:52 | 195,029,290 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/24 16:07:09 | 000,000,144 | ---- | C] () -- C:\ProgramData\~33545976r
[2011/05/24 16:07:08 | 000,000,112 | ---- | C] () -- C:\ProgramData\~33545976
[2011/05/24 16:06:47 | 000,000,344 | ---- | C] () -- C:\ProgramData\33545976
[2010/08/15 11:55:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/14 15:28:30 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/08/14 15:27:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/14 01:10:37 | 000,000,000 | ---- | C] () -- C:\Users\asta\AppData\Local\WavXMapDrive.bat
[2010/06/25 21:51:19 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2010/06/25 21:51:19 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2010/06/25 21:51:19 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll
[2010/06/25 21:51:19 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2010/06/25 21:51:19 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2010/06/25 21:51:19 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2010/06/25 21:51:19 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe
[2010/06/25 20:10:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/06/25 20:01:11 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/06/25 20:01:10 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/06/25 20:00:08 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/04/16 23:02:42 | 000,040,588 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009/11/19 16:47:10 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009/11/18 16:21:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2009/11/18 16:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2009/11/18 16:21:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2009/11/18 16:21:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2009/11/18 16:21:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2009/11/18 16:20:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2009/11/18 16:20:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2009/11/18 16:20:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2009/11/18 16:20:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2009/11/18 16:20:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2009/11/18 16:20:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2009/11/18 16:20:48 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2009/11/18 16:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2009/11/18 16:20:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2009/11/18 16:20:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2009/11/18 16:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2009/11/18 16:20:40 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2009/11/18 16:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2009/11/18 16:20:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2009/11/18 16:20:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2009/11/18 16:20:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2009/11/18 16:20:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2009/11/18 16:20:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2009/11/18 16:20:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2009/11/18 16:20:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/13 09:17:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,636,630 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,110,746 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:15:05 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/06/30 13:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2010/06/25 22:44:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/06/25 22:44:12 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\asta\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/06/25 22:44:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\asta\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2010/06/25 22:44:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/06/25 22:44:12 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/06/25 22:44:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\asta\AppData\Local\Temp\RarSFX4\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/06/25 22:44:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/06/25 22:44:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/06/25 22:44:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\asta\AppData\Local\Temp\RarSFX4\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/07 21:30:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/07 21:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %programfiles%\Internet Explorer\iexplore.exe [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
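Two of the things a helper reads out of a log like the one above are worth doing mechanically: which files were created in the same minute as a suspect artefact (here the "Windows 7 Recovery" Start Menu folder at 2011/05/28 09:41:29 and the unsigned numeric files in C:\ProgramData at 09:41:24 and 09:41:30), and whether the live copy of a system binary in the "< MD5 for: ... >" custom scan hashes the same as one of its WinSxS copies, with every copy outside C:\Windows listed for the reader to account for. The parser and checks below are an added example for this thread, not code from the poster, from Geeks to Go or from OTL; the entry regex is derived from the line shapes visible in the log, the 60-second window and the function names are my choices, and the sample text is lines excerpted from the log above as constructed test input.

```python
"""Parse OTL file-entry lines and run two checks a log helper normally does by eye."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One pattern covers both shapes OTL prints in the log above:
#   [date | size | attrs | C] (Company) -- path             (Files Created / Modified)
#   [date | size | attrs | M] (Company) MD5=<hex> -- path   (< MD5 for: ... > custom scan)
# Directories carry no "(Company)" group at all and files with no version
# resource carry an empty "()", so that group is optional and may be empty.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-HSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str           # "C" created-date entry, "M" modified-date entry
    company: str        # "" when OTL printed "()" or no company group at all
    md5: Optional[str]
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return every line of `text` that is an OTL file entry; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        out.append(Entry(
            when=datetime.strptime(m["date"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            md5=m["md5"].upper() if m["md5"] else None,
            path=m["path"],
        ))
    return out


def created_near(entries: List[Entry], anchor_fragment: str, window_seconds: int = 60) -> List[str]:
    """Paths created within +/- window_seconds of the first created entry whose path contains
    anchor_fragment (case-insensitive), oldest first. Same-minute creation is the cheapest
    way to tie a visible artefact to the files dropped alongside it. Window is an assumption."""
    created = [e for e in entries if e.kind == "C"]
    anchor = next((e for e in created if anchor_fragment.lower() in e.path.lower()), None)
    if anchor is None:
        return []
    window = timedelta(seconds=window_seconds)
    near = [e for e in created if e is not anchor and abs(e.when - anchor.when) <= window]
    return [e.path for e in sorted(near, key=lambda e: (e.when, e.path))]


def audit_md5_section(text: str, name: str) -> Dict[str, object]:
    """Cross-check one '< MD5 for: NAME >' block: does the live copy directly under the Windows
    or System32 directory hash identically to a WinSxS component-store copy, and which listed
    copies sit outside the Windows directory altogether (those need a separate explanation)."""
    entries = parse_entries(text)
    wanted = "\\" + name.lower()
    live = [e for e in entries
            if e.path.lower().endswith(wanted)
            and e.path.lower().rsplit("\\", 1)[0] in (r"c:\windows", r"c:\windows\system32")]
    outliers = [e.path for e in entries if not e.path.lower().startswith("c:\\windows\\")]
    if not live:
        return {"reference": None, "reference_md5": None, "winsxs_match": False, "outliers": outliers}
    ref = live[0]
    winsxs_md5s = {e.md5 for e in entries if "\\winsxs\\" in e.path.lower()}
    return {"reference": ref.path, "reference_md5": ref.md5,
            "winsxs_match": ref.md5 in winsxs_md5s, "outliers": outliers}


# Constructed test input: lines excerpted verbatim from the OTL log above.
CREATED_SAMPLE = r"""
[2011/06/04 23:03:06 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Error Fix
[2011/05/28 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/25 20:24:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/28 09:41:30 | 000,000,136 | ---- | C] () -- C:\ProgramData\~28368632r
[2011/05/28 09:41:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~28368632
[2011/05/28 09:41:24 | 000,000,352 | ---- | C] () -- C:\ProgramData\28368632
"""

EXPLORER_MD5_SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\asta\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\asta\AppData\Local\Temp\RarSFX4\h\explorer.exe
"""

if __name__ == "__main__":
    print(created_near(parse_entries(CREATED_SAMPLE), "Windows 7 Recovery"))
    print(audit_md5_section(EXPLORER_MD5_SAMPLE, "explorer.exe"))
```

Run against the excerpt, the first check returns the three unsigned C:\ProgramData files (28368632, ~28368632, ~28368632r), all created within six seconds of the "Windows 7 Recovery" folder; that is the cluster to raise with the helper rather than the folder on its own. The second check reports that C:\Windows\explorer.exe hashes identically to the 6.1.7600.16768 WinSxS copy, so the on-disk shell is not a patched binary, and lists the two Temp\RarSFX4 copies as the only ones outside C:\Windows. Those sit where a self-extracting archive unpacks, which is consistent with the rkill/unhide tools the poster says they ran, and the O20 Winlogon Shell entry earlier in the log still points at C:\Windows\explorer.exe; the code does not decide what they are, it only makes sure they get accounted for.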

#3
18928 (Topic Starter - Member - 41 posts)
The second step- TDSSKiller.zip is not opening.

#4
18928 (Topic Starter - Member - 41 posts)
OTL Extras logfile created on: 6/5/2011 11:50:52 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\asta\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 51.01% Memory free
6.48 Gb Paging File | 4.86 Gb Available in Paging File | 74.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.94 Gb Total Space | 189.56 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.68 Gb Free Space | 98.76% Space Free | Partition Type: FAT32

Computer Name: ASTA-PC | User Name: asta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{057159C5-3B94-4E36-9271-11615618CACE}" = Dell ControlPoint System Manager
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08DE682A-3858-4591-9EBB-E5290E4DC3DD}" = Family Protection
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{33F0BD6D-49B0-4030-8940-0FD0414DD9CB}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49DFA1BB-F417-491C-9457-F483CC98678C}" = SO32MMWrapper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{5F89E4AF-07EF-48C7-9F3D-46E96E338D1D}" = Verizon Online Backup and Sharing
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A7F4379-B2EE-444F-AC4A-C5379B1CF95E}" = Dell ControlVault Host Components Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5D035A-B5B8-41DC-8F00-C133BA21AD4E}" = DCP32MMWrapper
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B83E30A9-A744-4C55-BF55-33CA9FCB62C1}" = Wave Infrastructure Installer
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CCD35D5A-7B97-46E0-AB2E-21C59BA253B6}" = Verizon Download Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"IspAssistant-Mp3Tube" = IspAssistant-Mp3Tube
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSetDX" = Intel® Network Connections 14.8.43.0
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"Search Toolbar" = Search Toolbar
"ShopperReportsSA" = ShopperReports
"Verizon Help and Support" = Verizon Help and Support Tool
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2011 10:26:09 PM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x44838b00 Faulting process id:
0x738 Faulting application start time: 0x01cc1f35a1b03170 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 57c947ba-8b2d-11e0-bec2-0026b9d183cc

Error - 5/31/2011 7:51:54 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.111, time stamp:
0x4dac4a84 Faulting module name: Skype.exe, version: 5.3.0.111, time stamp: 0x4dac4a84
Exception
code: 0xc0000005 Fault offset: 0x006eb5e2 Faulting process id: 0x138c Faulting application
start time: 0x01cc1f89154bc2b5 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\Skype.exe Report Id: 60e35cbf-8b7c-11e0-b5ec-0026b9d183cc

Error - 5/31/2011 7:53:00 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.111, time stamp:
0x4dac4a84 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xa6094b88 Faulting process id: 0x138c Faulting application
start time: 0x01cc1f89154bc2b5 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: 87fa75bf-8b7c-11e0-b5ec-0026b9d183cc

Error - 5/31/2011 7:54:11 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.111, time stamp:
0x4dac4a84 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x82e728cb Faulting process id: 0x1dc8 Faulting application
start time: 0x01cc1f897180b993 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: b244a688-8b7c-11e0-b5ec-0026b9d183cc

Error - 5/31/2011 7:54:28 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0xffff7485 Faulting process id:
0x18c4 Faulting application start time: 0x01cc1f894d349835 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: bc91adfa-8b7c-11e0-b5ec-0026b9d183cc

Error - 5/31/2011 8:22:25 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.116, time stamp:
0x4ddea058 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x82e728cb Faulting process id: 0x239c Faulting application
start time: 0x01cc1f8d64372ea6 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: a4449d15-8b80-11e0-b5ec-0026b9d183cc

Error - 5/31/2011 8:28:54 AM | Computer Name = asta-PC | Source = Windows Backup | ID = 4104
Description =

Error - 5/31/2011 8:29:53 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0xc0850000 Faulting process id:
0x1f9c Faulting application start time: 0x01cc1f8e07c41bac Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: adb98feb-8b81-11e0-94a5-0026b9d183cc

Error - 5/31/2011 8:30:20 AM | Computer Name = asta-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00052016 Faulting
process id: 0x1f9c Faulting application start time: 0x01cc1f8e07c41bac Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: bf242fed-8b81-11e0-94a5-0026b9d183cc

Error - 5/31/2011 8:43:05 AM | Computer Name = asta-PC | Source = EventSystem | ID = 4622
Description =

[ System Events ]
Error - 6/4/2011 10:53:18 PM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 6/4/2011 10:55:06 PM | Computer Name = asta-PC | Source = DCOM | ID = 10010
Description =

Error - 6/4/2011 10:55:06 PM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7022
Description = The IHA_MessageCenter service hung on starting.

Error - 6/4/2011 11:12:31 PM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/4/2011 11:12:47 PM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 6/4/2011 11:14:33 PM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7022
Description = The IHA_MessageCenter service hung on starting.

Error - 6/4/2011 11:14:35 PM | Computer Name = asta-PC | Source = DCOM | ID = 10010
Description =

Error - 6/5/2011 11:24:40 AM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/5/2011 11:24:56 AM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 6/5/2011 11:26:29 AM | Computer Name = asta-PC | Source = Service Control Manager | ID = 7022
Description = The IHA_MessageCenter service hung on starting.


< End of report >
  • 0

#5
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, 18928! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • contents of the RKreport.txt
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#6
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hello Render, thank you for helping me.
Here's the info:
Step 1:

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: asta [Admin rights]
Mode: Scan -- Date : 06/11/2011 10:30:41

Bad processes: 1
[SUSP PATH] Skype.exe -- c:\users\asta\desktop\skype.exe -> KILLED

Registry Entries: 14
[SUSP PATH] HKCU\[...]\Run : Skype ("C:\Users\asta\Desktop\Skype.exe" /nosplash /minimized) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3353683146-4250850509-2122086200-1000[...]\Run : Skype ("C:\Users\asta\Desktop\Skype.exe" /nosplash /minimized) -> FOUND
[SUSP PATH] {058B3A4B-1196-4166-9FC2-1A59E42D242F}.job : c:\users\asta\desktop\tdsskiller\tdsskiller.exe -> FOUND
[SUSP PATH] {E5263B04-EA02-462E-82B5-8EED453FB597}.job : c:\users\asta\desktop\tdsskiller\tdsskiller.exe -> FOUND
[SUSP PATH] setup_9.0.0.722_06.06.2011_01-08[1].lnk : C:\Users\asta\Desktop\Virus Removal Tool\setup_9.0.0.722_06.06.2011_01-08[1]\startup.exe -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

Step 2:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-11 10:32:45
-----------------------------
10:32:45.383 OS Version: Windows 6.1.7600
10:32:45.383 Number of processors: 4 586 0x2502
10:32:45.385 ComputerName: ASTA-PC UserName: asta
10:32:59.946 Initialize success
10:33:33.063 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:33:33.067 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 8
10:33:33.077 Disk 0 MBR read successfully
10:33:33.081 Disk 0 MBR scan
10:33:33.085 Disk 0 Windows 7 default MBR code
10:33:33.091 Disk 0 scanning sectors +488394752
10:33:33.133 Disk 0 scanning C:\Windows\system32\drivers
10:33:39.326 Service scanning
10:33:43.403 Disk 0 trace - called modules:
10:33:43.415 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x887821ed]<<
10:33:43.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88752030]
10:33:43.429 3 CLASSPNP.SYS[8c38159e] -> nt!IofCallDriver -> [0x88751380]
10:33:43.434 \Driver\stdflt[0x86ce3f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x887821ed
10:33:43.439 Scan finished successfully
10:34:22.303 Disk 0 MBR has been saved successfully to "C:\Users\asta\Desktop\MBR.dat"
10:34:22.308 The log file has been saved successfully to "C:\Users\asta\Desktop\log.txt"


OTL is not working. I ran it multiple times and it freezes on scanning XAudio.
  • 0

#7
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • On your desktop there should be a file MBR.dat.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply
  • 0

#8
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here it is

Attached Files

  • Attached File: MBR.zip (574 bytes, 62 downloads)

  • 0

#9
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please follow these steps:

Step 1

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 2

Please uninstall IspAssistant-Mp3Tube, ShopperReports and Search Toolbar.

How to uninstall a program in Windows 7:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 3

We need to run an OTL Fix

  • Please right click on OTL on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    [2011/06/04 23:03:06 | 000,000,000 | ---D | C] -- C:\Users\asta\AppData\Roaming\Error Fix
    [2011/06/04 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Error Fix
    [2011/05/25 09:19:30 | 000,000,000 | ---D | C] -- C:\bc259d1509c64b8bda09048185
    [2011/05/28 09:41:30 | 000,000,136 | ---- | M] () -- C:\ProgramData\~28368632r
    [2011/05/28 09:41:30 | 000,000,104 | ---- | M] () -- C:\ProgramData\~28368632
    [2011/05/28 09:41:24 | 000,000,352 | ---- | M] () -- C:\ProgramData\28368632
    [2011/05/24 16:07:09 | 000,000,144 | ---- | M] () -- C:\ProgramData\~33545976r
    [2011/05/24 16:07:09 | 000,000,112 | ---- | M] () -- C:\ProgramData\~33545976
    [2011/05/24 16:06:47 | 000,000,344 | ---- | M] () -- C:\ProgramData\33545976

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 4

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When completed the above, please post back the following in the order asked for:
  • contents of the RKreport.txt
  • OTL fix log
  • OTL scan log

  • 0

#10
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: asta [Admin rights]
Mode: Remove -- Date : 06/11/2011 13:08:26

Bad processes: 0

Registry Entries: 13
[SUSP PATH] HKCU\[...]\Run : Skype ("C:\Users\asta\Desktop\Skype.exe" /nosplash /minimized) -> DELETED
[SUSP PATH] {058B3A4B-1196-4166-9FC2-1A59E42D242F}.job : c:\users\asta\desktop\tdsskiller\tdsskiller.exe -> DELETED
[SUSP PATH] {E5263B04-EA02-462E-82B5-8EED453FB597}.job : c:\users\asta\desktop\tdsskiller\tdsskiller.exe -> DELETED
[SUSP PATH] setup_9.0.0.722_06.06.2011_01-08[1].lnk : C:\Users\asta\Desktop\Virus Removal Tool\setup_9.0.0.722_06.06.2011_01-08[1]\startup.exe -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\asta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

HOSTS File:


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Step 2: those programs are not on the list, so I can't uninstall them.
Steps 3 and 4: freezing up, it says it's not responding.
  • 0

#11
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are you able to run AVG and perform virus scan?
  • 0

#12
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Yes, I did it a couple of times and it can't find anything wrong.
  • 0

#13
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I'm running it now, 12 threats found so far.
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. When finished, please also post the AVG log and then do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    volsnap.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
  • 0

#15
18928

18928

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
AVG is finished, but I can't attach the results.


Here's the SystemLook result.



SystemLook 04.09.10 by jpshortstuff
Log created at 15:10 on 11/06/2011 by asta
Administrator - Elevation successful

========== filefind ==========

Searching for "volsnap.*"
C:\Windows\inf\volsnap.inf --a---- 1666 bytes [04:51 14/07/2009] [04:51 14/07/2009] 0513FB1D99C3313A55B8C7F378AB5714
C:\Windows\inf\volsnap.PNF --a---- 5096 bytes [04:38 14/07/2009] [23:59 25/06/2010] EE7FB84D064F2EA30F260BD3F25A39DF
C:\Windows\System32\drivers\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\System32\drivers\en-US\volsnap.sys.mui --a---- 23552 bytes [04:55 14/07/2009] [02:03 14/07/2009] 747EC73A2F1046431763323C1E26F017
C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc --a---- 198 bytes [04:55 14/07/2009] [02:04 14/07/2009] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.inf --a---- 1666 bytes [20:21 13/07/2009] [20:21 13/07/2009] 0513FB1D99C3313A55B8C7F378AB5714
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.PNF --a---- 5096 bytes [04:51 14/07/2009] [23:59 25/06/2010] 80431B9D6F61CE42F5051128DFAE1036
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_13398118e291963b\volsnap.inf_loc --a---- 198 bytes [04:55 14/07/2009] [02:04 14/07/2009] F040058B592FE682204B2FC15DDEAC0D
C:\Windows\winsxs\x86_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_6d76054c9136060d\volsnap.inf --a---- 1666 bytes [20:21 13/07/2009] [20:21 13/07/2009] 0513FB1D99C3313A55B8C7F378AB5714
C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7afca05c2148f2a6\volsnap.sys.mui --a---- 23552 bytes [04:55 14/07/2009] [02:03 14/07/2009] 747EC73A2F1046431763323C1E26F017
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 58DF9D2481A56EDDE167E51B334D44FD

-= EOF =-
  • 0
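The volsnap.* lookup requested above is a hash cross-check: the driver Windows loads from System32\drivers should carry the same MD5 as its untouched copies in winsxs and the DriverStore. As an added example that is not part of this thread or of SystemLook itself, the Python below parses SystemLook's filefind lines and flags a copy whose hash disagrees with the component-store copies; it runs on a constructed log with placeholder hashes and one deliberately altered live copy, and it skips .PNF files on the assumption that those per-machine precompiled INF caches differ legitimately.

```python
"""Cross-check the driver copies that SystemLook ':filefind' lists: a patched
live driver (System32\\drivers) no longer hashes like its untouched twins in the
component store (winsxs, DriverStore)."""
import os
import re
from collections import Counter, defaultdict

# One SystemLook filefind result line:  <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Copies under Windows' own component store serve as the reference.
TRUSTED_DIRS = ("\\winsxs\\", "\\driverstore\\")
# Precompiled INF caches (.PNF) are generated per machine and differ legitimately (assumption).
IGNORE_EXT = {".pnf"}

# Constructed sample in SystemLook's format (not the thread's real log): hashes are
# placeholders and the live driver copy has been altered to stand in for a patched file.
SAMPLE_LOG = r"""
SystemLook 04.09.10 by jpshortstuff
Log created at 15:10 on 11/06/2011 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "volsnap.*"
C:\Windows\inf\volsnap.inf --a---- 1666 bytes [04:51 14/07/2009] [04:51 14/07/2009] 11111111111111111111111111111111
C:\Windows\inf\volsnap.PNF --a---- 5096 bytes [04:38 14/07/2009] [23:59 25/06/2010] 22222222222222222222222222222222
C:\Windows\System32\drivers\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_0000\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 33333333333333333333333333333333
C:\Windows\winsxs\x86_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_0000\volsnap.inf --a---- 1666 bytes [20:21 13/07/2009] [20:21 13/07/2009] 11111111111111111111111111111111
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_0000\volsnap.sys --a---- 245328 bytes [23:11 13/07/2009] [01:19 14/07/2009] 33333333333333333333333333333333

-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per result line (path, attrs, size, created, modified, md5)."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def find_mismatches(records):
    """Group copies by file name and flag any whose MD5 differs from the
    reference (the component-store hash, or the majority hash if no
    component-store copy was found)."""
    by_name = defaultdict(list)
    for rec in records:
        name = os.path.basename(rec["path"].replace("\\", "/")).lower()
        if os.path.splitext(name)[1] in IGNORE_EXT:
            continue
        by_name[name].append(rec)

    findings = []
    for name, copies in sorted(by_name.items()):
        if len(copies) < 2:
            continue  # nothing to compare against
        trusted = [c["md5"] for c in copies
                   if any(d in c["path"].lower() for d in TRUSTED_DIRS)]
        reference = Counter(trusted or [c["md5"] for c in copies]).most_common(1)[0][0]
        for c in copies:
            if c["md5"] != reference:
                findings.append({
                    "name": name, "path": c["path"], "md5": c["md5"],
                    "reference_md5": reference,
                    # the copy under System32\drivers is the one the kernel loads
                    "live": "\\system32\\drivers\\" in c["path"].lower(),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_filefind(SAMPLE_LOG)):
        print(("LIVE COPY " if f["live"] else "copy ") + f["path"], f["md5"], "!=", f["reference_md5"])
```

On the thread's real output every volsnap.sys copy shares one MD5, so the same check returns no findings there.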