Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Persistent, Recurring Rootkit Malware Attack Disables the Following: A

Started by RobAnderson , Jul 01 2011 09:59 PM

  • This topic is locked This topic is locked

#1
RobAnderson
Posted 01 July 2011 - 09:59 PM

RobAnderson

    New Member

  • Member
  • Pip
  • 5 posts
Hi There,

Thanks in advance for any help you can offer. If you can help me clean this horror show off my drive without my having to re-install Windows 7 (which has happened twice already in the past), you'll save my life.

Point of Infection:

I spend all of my surf time at Starbuck's, and I believe this malware is coming from their network.

Symptoms of Infection:

The following programs/apps will no longer function -
*Microsoft Office (all programs)
*Adobe Acrobat (only when attempting to create a PDF or read a PDF on-line)
*Any and all Facebook game apps (gui buttons become unclickable, but java applets still running and showing button effects upon mouse-over)
*Downloaders for ANY large files (50mb or more - essentially the download managers won't load).
*Any and all anti-virus/malware/spybot programs

Error messages from download sites reference something called "*Server.exe" (couldn't get screen capture, sorry)

(please see attachments for error messages)


Apps Running to Stop It:

*Firefox (latest version)
-NoScript (latest)
-Ghoster (latest)
-AdBlockPlus (latest)
*Avast Anti-Virus (identifies it as a rootkit, says it has deleted it but doesn't)
*IObit 360 (doesn't see it)
*IObit Anti-Malware (identifies it as a rootkit, can't delete it)
*Spybot Anti-Spyware (doesn't see it)

Note: I am running the free versions of all of the above.

Note: Windows System Restore does not remove it.

History:

I first contracted this malware in January, and had to re-install Windows 7 after three weeks of [bleep]. In that case it took just over a week for the full infection to take hold. The second time was in March, and it took over a month for the full infection to take hold. The latest instance was yesterday (06/30/11), and it took less than 24 hours for the full infection to take hold.

Conjecture:

I think this thing is androiding my laptop. That's the only thing that makes sense. It disables anything and everything that might disrupt or burden wifi network connectivity so it has a free hand to use the connection for its own purposes.

OTL Logs:

OTL logfile created on: 7/1/2011 8:23:27 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Robert A\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.19% Memory free
3.50 Gb Paging File | 2.19 Gb Available in Paging File | 62.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 161.03 Gb Free Space | 72.10% Space Free | Partition Type: NTFS
Drive F: | 1.46 Gb Total Space | 1.28 Gb Free Space | 87.67% Space Free | Partition Type: NTFS

Computer Name: ROBERTA-PC | User Name: Robert A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 20:20:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert A\Downloads\OTL.exe
PRC - [2011/07/01 12:45:42 | 000,583,680 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2011/07/01 12:44:46 | 000,307,712 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2011/06/23 19:03:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 06:15:56 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/03 08:41:16 | 004,993,776 | ---- | M] (MooSoft Development LLC) -- C:\Program Files\The Cleaner\tcap.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 18:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 20:20:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert A\Downloads\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/16 20:19:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/05 12:15:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/11 19:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/06 06:17:53 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/29 10:06:58 | 000,254,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/22 11:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 27 3D 1E 47 13 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:3.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.79
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/01 19:22:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/01 19:20:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/06/12 06:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/06/02 06:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 19:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 06:16:45 | 000,000,000 | ---D | M]

[2011/03/05 11:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Extensions
[2011/07/01 19:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions
[2011/03/05 11:55:50 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/19 16:51:54 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/03/24 18:36:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/06/23 19:03:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/19 16:51:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/05 11:55:50 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/04/21 20:09:16 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\[email protected]
[2011/07/01 19:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\staged
[2011/03/19 16:51:57 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\[email protected]
[2011/03/26 15:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{1A0C9EBE-DDF9-4B76-B8A3-675C77874D37}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
[2011/06/23 19:03:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [FreeApp] C:\Program Files\FreeApps\FreeApps.exe (VTools)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8d98f1e4-4757-11e0-9014-705ab687c4db}\Shell - "" = AutoRun
O33 - MountPoints2\{8d98f1e4-4757-11e0-9014-705ab687c4db}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{c39efcca-477c-11e0-93ff-705ab687c4db}\Shell - "" = AutoRun
O33 - MountPoints2\{c39efcca-477c-11e0-93ff-705ab687c4db}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\4Media
[2011/07/01 11:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/06/19 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\{04B4F983-FF8C-454E-BEE5-440E1594BB0E}
[2011/06/19 21:06:40 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\Freemake
[2011/06/19 20:51:27 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\{40BE098E-535C-4841-A3BE-4418C18D6F13}
[2011/06/19 20:49:21 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/19 20:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/19 20:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/19 11:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2011/06/19 11:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2011/06/19 11:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2011/06/19 11:30:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/19 11:30:04 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\InstallShield
[2011/06/19 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\WinBatch
[2011/06/15 05:57:20 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\Auslogics
[2011/06/15 05:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/12 06:20:53 | 000,000,000 | ---D | C] -- C:\Users\Robert A\Documents\Freemake
[2011/06/12 06:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011/06/12 06:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011/06/08 06:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
[2011/06/08 06:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
[2011/06/08 06:35:30 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\ProcessLasso
[2011/06/08 06:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2011/06/07 09:18:27 | 000,000,000 | ---D | C] -- C:\Users\Robert A\Desktop\Abraxas Work
[2011/06/06 07:14:03 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\Google
[2011/06/06 06:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/06/06 06:17:53 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/06/06 06:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011/06/02 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/02 06:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/02 06:15:58 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files - Modified Within 30 Days ==========

[2011/07/01 20:19:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000UA.job
[2011/07/01 20:10:09 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 20:10:09 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 19:41:39 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/01 19:41:39 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/01 19:26:28 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/01 19:26:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/01 19:26:19 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/07/01 19:21:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 19:21:46 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 10:44:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/06/25 07:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000Core.job
[2011/06/23 19:21:35 | 000,001,994 | ---- | M] () -- C:\Users\Robert A\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/20 16:00:05 | 000,218,765 | ---- | M] () -- C:\Users\Robert A\Desktop\Moving Job_06-20-11.jpg
[2011/06/19 20:47:55 | 000,000,020 | ---- | M] () -- C:\Windows\´öc
[2011/06/19 20:31:22 | 006,706,968 | ---- | M] () -- C:\Users\Robert A\Desktop\dwyer.mpg
[2011/06/12 06:20:47 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011/06/08 20:50:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/06 06:17:57 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/06/06 06:17:53 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/06/02 06:16:36 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/02 06:15:58 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/06/20 16:00:04 | 000,218,765 | ---- | C] () -- C:\Users\Robert A\Desktop\Moving Job_06-20-11.jpg
[2011/06/19 20:48:37 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/19 20:48:08 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/19 20:47:54 | 000,000,020 | ---- | C] () -- C:\Windows\´öc
[2011/06/19 20:31:54 | 006,706,968 | ---- | C] () -- C:\Users\Robert A\Desktop\dwyer.mpg
[2011/06/12 06:20:47 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011/06/08 20:50:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/06 07:14:15 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000UA.job
[2011/06/06 07:14:12 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000Core.job
[2011/06/06 06:17:57 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/06/02 06:16:36 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/05/21 14:46:36 | 000,162,112 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe
[2011/05/03 17:37:57 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2011/05/03 17:32:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2011/05/03 17:29:59 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2011/04/16 20:02:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/05 21:06:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/05 12:46:11 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/05 12:46:11 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/05 12:39:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/05 11:21:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/15 05:46:02 | 014,135,296 | ---- | C] () -- C:\Windows\System32\common_res.dll
[2010/09/06 14:50:23 | 000,000,753 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2010/09/02 00:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/09/02 00:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,410,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/01 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\4Media
[2011/06/15 06:00:46 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Auslogics
[2011/05/03 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Final Draft
[2011/07/01 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\IObit
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Leawo
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Moyea
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\PPT2DVD
[2011/06/08 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\ProcessLasso
[2011/07/01 19:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Software Informer
[2011/04/04 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\thecleaner
[2011/03/22 18:32:22 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\WaveMax Sound Editor
[2011/06/19 11:29:57 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\WinBatch
[2011/07/01 19:26:19 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011/06/28 10:44:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/06/02 13:37:32 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Attached Thumbnails

  • Adobe Acrobat Error.jpg
  • Adobe Acrobat Message 2.jpg
  • Office-Word Error Message.jpg

  • 0

Advertisements

#2
Essexboy
Posted 02 July 2011 - 10:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there this looks a tad unusual - let see if I can find out what is amiss

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/03 17:37:57 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
    [2011/05/03 17:32:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2011/05/03 17:29:59 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
RobAnderson
Posted 02 July 2011 - 12:58 PM

RobAnderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Essex,

Here's the log from OTL:

OTL logfile created on: 7/2/2011 10:45:16 AM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Robert A\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 38.53% Memory free
3.50 Gb Paging File | 2.22 Gb Available in Paging File | 63.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 163.59 Gb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive F: | 1.46 Gb Total Space | 1.28 Gb Free Space | 87.67% Space Free | Partition Type: NTFS

Computer Name: ROBERTA-PC | User Name: Robert A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 20:20:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert A\Downloads\OTL.exe
PRC - [2011/07/01 12:45:42 | 000,583,680 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2011/07/01 12:44:46 | 000,307,712 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2011/06/23 19:03:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/02 06:15:56 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/03 08:41:16 | 004,993,776 | ---- | M] (MooSoft Development LLC) -- C:\Program Files\The Cleaner\tcap.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 13:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 20:20:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert A\Downloads\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/16 20:19:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/05 12:15:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/06/11 19:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/06 06:17:53 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/26 19:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/29 10:06:58 | 000,254,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/22 11:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 27 3D 1E 47 13 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:3.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.79
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/01 19:22:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/01 19:20:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/06/12 06:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/06/02 06:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 19:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 06:16:45 | 000,000,000 | ---D | M]

[2011/03/05 11:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Extensions
[2011/07/02 07:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions
[2011/03/05 11:55:50 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/19 16:51:54 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/03/24 18:36:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/06/23 19:03:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/19 16:51:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/05 11:55:50 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/04/21 20:09:16 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\[email protected]
[2011/03/19 16:51:57 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\extensions\[email protected]
[2011/03/26 15:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{1A0C9EBE-DDF9-4B76-B8A3-675C77874D37}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ROBERT A\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGO84L0I.DEFAULT\EXTENSIONS\[email protected]
[2011/06/23 19:03:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/02 10:33:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [FreeApp] C:\Program Files\FreeApps\FreeApps.exe (VTools)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8d98f1e4-4757-11e0-9014-705ab687c4db}\Shell - "" = AutoRun
O33 - MountPoints2\{8d98f1e4-4757-11e0-9014-705ab687c4db}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{c39efcca-477c-11e0-93ff-705ab687c4db}\Shell - "" = AutoRun
O33 - MountPoints2\{c39efcca-477c-11e0-93ff-705ab687c4db}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/02 10:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\4Media
[2011/07/01 11:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/06/19 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\{04B4F983-FF8C-454E-BEE5-440E1594BB0E}
[2011/06/19 21:06:40 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\Freemake
[2011/06/19 20:51:27 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\{40BE098E-535C-4841-A3BE-4418C18D6F13}
[2011/06/19 20:49:21 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/19 20:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/19 20:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/19 11:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2011/06/19 11:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2011/06/19 11:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2011/06/19 11:30:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/19 11:30:04 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\InstallShield
[2011/06/19 11:29:57 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\WinBatch
[2011/06/15 05:57:20 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\Auslogics
[2011/06/15 05:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/12 06:20:53 | 000,000,000 | ---D | C] -- C:\Users\Robert A\Documents\Freemake
[2011/06/12 06:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011/06/12 06:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011/06/08 06:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
[2011/06/08 06:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
[2011/06/08 06:35:30 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Roaming\ProcessLasso
[2011/06/08 06:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2011/06/07 09:18:27 | 000,000,000 | ---D | C] -- C:\Users\Robert A\Desktop\Abraxas Work
[2011/06/06 07:14:03 | 000,000,000 | ---D | C] -- C:\Users\Robert A\AppData\Local\Google
[2011/06/06 06:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/06/06 06:17:53 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/06/06 06:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

========== Files - Modified Within 30 Days ==========

[2011/07/02 10:44:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/07/02 10:43:53 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/02 10:43:53 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/02 10:41:29 | 000,029,715 | ---- | M] () -- C:\Users\Robert A\Desktop\386-exe Error Message.jpg
[2011/07/02 10:36:45 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/07/02 10:36:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/02 10:36:23 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/02 10:33:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/02 10:31:25 | 000,001,381 | ---- | M] () -- C:\Users\Robert A\Desktop\OTL - Shortcut.lnk
[2011/07/02 10:19:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000UA.job
[2011/07/02 07:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000Core.job
[2011/07/02 07:10:23 | 000,410,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/01 20:56:54 | 000,248,630 | ---- | M] () -- C:\Users\Robert A\Desktop\Adobe Acrobat Message 2.jpg
[2011/07/01 20:55:46 | 000,485,371 | ---- | M] () -- C:\Users\Robert A\Desktop\Office-Word Error Message.jpg
[2011/07/01 20:51:54 | 000,231,575 | ---- | M] () -- C:\Users\Robert A\Desktop\Adobe Acrobat Error.jpg
[2011/07/01 19:41:39 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/01 19:41:39 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/01 19:26:28 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/01 19:26:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/23 19:21:35 | 000,001,994 | ---- | M] () -- C:\Users\Robert A\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/20 16:00:05 | 000,218,765 | ---- | M] () -- C:\Users\Robert A\Desktop\Moving Job_06-20-11.jpg
[2011/06/19 20:47:55 | 000,000,020 | ---- | M] () -- C:\Windows\´öc
[2011/06/19 20:31:22 | 006,706,968 | ---- | M] () -- C:\Users\Robert A\Desktop\dwyer.mpg
[2011/06/12 06:20:47 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011/06/08 20:50:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/06 06:17:57 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/06/06 06:17:53 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys

========== Files Created - No Company Name ==========

[2011/07/02 10:41:29 | 000,029,715 | ---- | C] () -- C:\Users\Robert A\Desktop\386-exe Error Message.jpg
[2011/07/02 10:31:25 | 000,001,381 | ---- | C] () -- C:\Users\Robert A\Desktop\OTL - Shortcut.lnk
[2011/07/01 20:56:54 | 000,248,630 | ---- | C] () -- C:\Users\Robert A\Desktop\Adobe Acrobat Message 2.jpg
[2011/07/01 20:55:46 | 000,485,371 | ---- | C] () -- C:\Users\Robert A\Desktop\Office-Word Error Message.jpg
[2011/07/01 20:51:54 | 000,231,575 | ---- | C] () -- C:\Users\Robert A\Desktop\Adobe Acrobat Error.jpg
[2011/06/20 16:00:04 | 000,218,765 | ---- | C] () -- C:\Users\Robert A\Desktop\Moving Job_06-20-11.jpg
[2011/06/19 20:48:37 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/19 20:48:08 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/19 20:47:54 | 000,000,020 | ---- | C] () -- C:\Windows\´öc
[2011/06/19 20:31:54 | 006,706,968 | ---- | C] () -- C:\Users\Robert A\Desktop\dwyer.mpg
[2011/06/12 06:20:47 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011/06/08 20:50:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/06 07:14:15 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000UA.job
[2011/06/06 07:14:12 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000Core.job
[2011/06/06 06:17:57 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/05/21 14:46:36 | 000,162,112 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe
[2011/04/16 20:02:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/05 21:06:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/05 12:46:11 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/03/05 12:46:11 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/03/05 12:39:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/05 11:21:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/15 05:46:02 | 014,135,296 | ---- | C] () -- C:\Windows\System32\common_res.dll
[2010/09/06 14:50:23 | 000,000,753 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2010/09/02 00:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/09/02 00:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,410,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/01 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\4Media
[2011/06/15 06:00:46 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Auslogics
[2011/05/03 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Final Draft
[2011/07/01 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\IObit
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Leawo
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Moyea
[2011/04/10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\PPT2DVD
[2011/06/08 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\ProcessLasso
[2011/07/02 10:38:43 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\Software Informer
[2011/04/04 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\thecleaner
[2011/03/22 18:32:22 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\WaveMax Sound Editor
[2011/06/19 11:29:57 | 000,000,000 | ---D | M] -- C:\Users\Robert A\AppData\Roaming\WinBatch
[2011/07/02 10:36:45 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011/07/02 10:44:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/06/02 13:37:32 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


Here's the log from MBR:

3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~ | …ƒÅâñ͈V UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`€~ t&fh fÿvh h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþNu €~ €„Š ²€ë„U2äŠV Í]ëž>þ}Uªunÿv è uú°Ñædèƒ °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä ‹ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system c{š š š € ! 'þÿÿ  à. Y¿þÿÿ è. ¨ê Uª

The Save Log button produced a .dat file. Is that what you were expecting? The result was machine language and one error message. Speaking of which, I'm attaching another error message that started appearing yesterday every time I start or restart the laptop.

Attached Thumbnails

  • 386-exe Error Message.jpg

  • 0

#4
Essexboy
Posted 02 July 2011 - 01:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There should be an aswMBR.txt file on the desktop, the dat file is a direct read of your MBR

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
RobAnderson
Posted 02 July 2011 - 09:30 PM

RobAnderson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Essex,

Here is the aswMBR.txt:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 10:51:34
-----------------------------
10:51:34.801 OS Version: Windows 6.1.7601 Service Pack 1
10:51:34.801 Number of processors: 1 586 0x301
10:51:34.804 ComputerName: ROBERTA-PC UserName: Robert A
10:51:37.496 Initialize success
10:51:38.579 AVAST engine defs: 11070200
10:51:56.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
10:51:56.148 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
10:51:58.195 Disk 0 MBR read successfully
10:51:58.201 Disk 0 MBR scan
10:51:58.213 Disk 0 Windows 7 default MBR code
10:52:00.240 Disk 0 scanning sectors +471437312
10:52:00.288 Disk 0 scanning C:\Windows\system32\drivers
10:52:12.142 Service scanning
10:52:13.125 Disk 0 trace - called modules:
10:52:13.174 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:52:13.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8547e030]
10:52:13.190 3 CLASSPNP.SYS[881a959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x853a1908]
10:52:13.843 AVAST engine scan C:\Windows
11:32:39.017 AVAST engine scan C:\Users\Robert A
11:37:23.133 AVAST engine scan C:\ProgramData
11:38:19.173 Scan finished successfully
11:52:27.632 Disk 0 MBR has been saved successfully to "C:\Users\Robert A\Desktop\MBR.dat"
11:52:27.642 The log file has been saved successfully to "C:\Users\Robert A\Desktop\aswMBR.txt"


Here is the Combio Log:

ComboFix 11-07-02.02 - Robert A 07/02/2011 20:10:10.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1790.778 [GMT -7:00]
Running from: c:\users\Robert A\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 03:17 . 2011-07-03 03:17 -------- d-----w- c:\users\Robert A\AppData\Local\temp
2011-07-03 03:17 . 2011-07-03 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-03 03:04 . 2011-07-03 03:08 -------- d-----w- C:\32788R22FWJFW
2011-07-02 17:33 . 2011-07-02 17:33 -------- d-----w- C:\_OTL
2011-07-02 03:10 . 2011-07-02 03:10 -------- d-----w- c:\users\Robert A\AppData\Roaming\4Media
2011-07-02 02:33 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87F73AA3-8569-4841-B9DB-5E7C97B81E1A}\mpengine.dll
2011-07-02 02:33 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-02 02:33 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-07-02 02:33 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-07-02 02:32 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-07-02 02:32 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-07-02 02:32 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-07-02 02:32 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-07-02 02:32 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-07-02 02:32 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-07-02 02:32 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 15:44 . 2011-06-28 15:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-24 03:11 . 2011-06-28 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-24 03:10 . 2011-06-28 15:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-24 03:10 . 2011-06-28 15:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-06-24 02:03 . 2011-06-24 02:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 02:03 . 2011-06-24 02:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-20 04:19 . 2011-06-20 04:19 -------- d-----w- c:\users\Robert A\AppData\Local\{04B4F983-FF8C-454E-BEE5-440E1594BB0E}
2011-06-20 04:06 . 2011-06-20 04:06 -------- d-----w- c:\users\Robert A\AppData\Local\Freemake
2011-06-20 03:51 . 2011-06-20 03:51 -------- d-----w- c:\users\Robert A\AppData\Local\{40BE098E-535C-4841-A3BE-4418C18D6F13}
2011-06-20 03:49 . 2011-06-20 03:49 -------- d-----w- c:\windows\en
2011-06-20 03:47 . 2011-06-20 03:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-20 03:46 . 2011-06-20 03:47 -------- d-----w- c:\program files\Windows Live
2011-06-20 03:39 . 2011-06-27 17:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-20 03:39 . 2011-06-27 16:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-20 03:37 . 2011-06-27 16:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-20 03:37 . 2011-06-20 03:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-19 18:31 . 2011-06-19 18:31 -------- d-----w- c:\programdata\Toshiba
2011-06-19 18:30 . 2011-06-19 18:30 -------- d-----w- c:\program files\TOSHIBA
2011-06-19 18:30 . 2011-06-19 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-06-19 18:30 . 2011-06-19 18:30 -------- d-----w- c:\users\Robert A\AppData\Roaming\InstallShield
2011-06-19 18:29 . 2011-06-19 18:29 -------- d-----w- c:\users\Robert A\AppData\Roaming\WinBatch
2011-06-16 13:13 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 13:13 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 13:13 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 13:13 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 13:13 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:57 . 2011-06-15 13:00 -------- d-----w- c:\users\Robert A\AppData\Roaming\Auslogics
2011-06-12 13:20 . 2011-06-12 13:20 -------- d-----w- c:\program files\Freemake
2011-06-08 13:36 . 2011-06-08 13:36 -------- d-----w- c:\programdata\ProcessLasso
2011-06-08 13:35 . 2011-07-02 02:33 -------- d-----w- c:\program files\Process Lasso
2011-06-08 13:35 . 2011-06-08 16:34 -------- d-----w- c:\users\Robert A\AppData\Roaming\ProcessLasso
2011-06-06 14:14 . 2011-06-06 14:15 -------- d-----w- c:\users\Robert A\AppData\Local\Google
2011-06-06 13:17 . 2011-06-06 13:17 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-06-06 13:17 . 2011-06-06 13:17 -------- d-----w- c:\program files\TrueCrypt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 19:16 . 2011-05-23 15:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:15 . 2011-03-05 19:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 13:15 . 2011-03-05 19:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-25 02:14 . 2011-03-05 18:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 21:46 . 2011-05-21 21:46 162112 ----a-w- c:\windows\DP Animation Maker Uninstaller.exe
2011-05-10 16:01 . 2011-02-15 12:46 14135296 ----a-w- c:\windows\system32\common_res.dll
2011-05-10 12:10 . 2011-03-05 20:42 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-05 20:42 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-05 20:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-05 20:43 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-05 20:43 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2011-03-05 20:43 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-05 20:43 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2011-03-05 20:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 00:29 . 2011-05-04 00:29 51712 ----a-r- c:\users\Robert A\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2011-05-04 00:29 . 2011-05-04 00:29 51712 ----a-r- c:\users\Robert A\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2011-05-04 00:29 . 2011-05-04 00:29 51712 ----a-r- c:\users\Robert A\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2011-05-04 00:29 . 2011-05-04 00:29 27648 ----a-r- c:\users\Robert A\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2011-04-22 22:52 . 2011-04-22 22:52 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-22 22:52 . 2011-04-22 22:52 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-22 19:14 . 2011-05-27 00:23 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:02 . 2011-05-12 00:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-12 00:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-15 19:59 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-24 02:03 . 2011-03-26 22:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-26 2011205]
"FreeApp"="c:\program files\FreeApps\FreeApps.exe" [2011-03-05 814496]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-06-02 273544]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2011-4-16 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2010-04-29 254720]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-05 1343400]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 15672]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000Core.job
- c:\users\Robert A\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 14:13]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-330387234-3590394992-3727971401-1000UA.job
- c:\users\Robert A\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 14:13]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Robert A\AppData\Roaming\Mozilla\Firefox\Profiles\ago84l0i.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,6e,45,80,60,67,8c,4b,89,2f,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,6e,45,80,60,67,8c,4b,89,2f,ed,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-02 20:20:29
ComboFix-quarantined-files.txt 2011-07-03 03:20
.
Pre-Run: 175,510,953,984 bytes free
Post-Run: 175,446,855,680 bytes free
.
- - End Of File - - 08C17CDEEE2B36C068670857BB669898

By the way, IOBit 360 has been disabled through the deletion of a key file. That's what that last error message means.
  • 0

#6
Essexboy
Posted 03 July 2011 - 03:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Running two antivirus programmes is not recommended as they will fight over file analysis

Could you please uninstall either Iobit or Avast

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
Essexboy
Posted 07 July 2011 - 10:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP