Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Critical disk error, many pop ups


  • This topic is locked This topic is locked

#1
jrdriv

jrdriv

    Member

  • Member
  • PipPip
  • 44 posts
Hello,

I have a lap top with widows Vista, and I am getting a pop up that is called, "Data Restore". It will not close, and it stays on top of any window. It is telling me to purchase the full version of the software to repair the detected errors. I do not know how to get rid of this, please help. Thanks in advance.

here is the log...

OTL logfile created on: 10/3/2011 9:07:09 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\marina p. babyy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.07 Gb Total Space | 337.04 Gb Free Space | 74.72% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.54 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
Drive F: | 298.02 Gb Total Space | 234.45 Gb Free Space | 78.67% Space Free | Partition Type: FAT32

Computer Name: MARINAPBABYY | User Name: marina p. babyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 20:35:26 | 000,348,160 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011/10/02 20:28:05 | 000,462,336 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
PRC - [2010/11/22 00:22:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
PRC - [2010/10/18 09:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/28 16:28:18 | 001,320,288 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/04/24 11:05:56 | 000,250,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/19 11:26:18 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/19 11:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/19 11:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/26 15:06:16 | 001,664,280 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 00:22:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/19 11:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/19 11:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/08/25 20:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/06 17:03:00 | 000,274,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2009/03/19 11:26:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/12 11:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2009/02/02 08:44:56 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFVsp.sys -- (ATMFVsp)
DRV - [2009/02/02 08:44:20 | 000,103,424 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFNET.sys -- (ATMFNET)
DRV - [2009/02/02 08:44:00 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFNVsp.sys -- (ATMFNVsp)
DRV - [2009/02/02 08:43:46 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFCVsp.sys -- (ATMFCVsp)
DRV - [2009/02/02 08:43:32 | 000,054,528 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFMdm.sys -- (ATMFMdm)
DRV - [2009/02/02 08:43:20 | 000,038,528 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFBUS.sys -- (ATMFBUS)
DRV - [2009/01/05 05:18:16 | 000,011,520 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFFLT.sys -- (ATMFFLT)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/16 12:22:02 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/30 08:39:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/30 08:30:40 | 000,204,464 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/07 12:37:36 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/09/15 12:11:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/09/15 12:11:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/09/15 12:10:56 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-w3i
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://m.www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/09/21 00:20:29 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Mozilla\Extensions
[2009/09/21 00:20:29 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PbOVsnXuaBESx.exe] C:\ProgramData\PbOVsnXuaBESx.exe (Daniel Pistelli)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - Startup: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/11 13:04:28 | 000,000,109 | R--- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8b1b585b-6319-11e0-b426-0026b904ce51}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1b585b-6319-11e0-b426-0026b904ce51}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{97edbc66-a65b-11de-ad6d-0026b904ce51}\Shell - "" = AutoRun
O33 - MountPoints2\{97edbc66-a65b-11de-ad6d-0026b904ce51}\Shell\AutoRun\command - "" = H:\start.exe -- File not found
O33 - MountPoints2\{b700a612-aa2c-11df-855d-0026b904ce51}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/03 21:06:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
[2011/10/02 20:35:26 | 000,348,160 | -H-- | C] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/02 20:28:54 | 000,163,840 | -H-- | C] (Microsoft Corporation) -- C:\Users\marina p. babyy\taskmgr.exe
[2011/10/02 20:28:46 | 000,462,336 | -H-- | C] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/12/16 06:51:49 | 008,653,312 | -H-- | C] (Dell, Inc. ) -- C:\Users\marina p. babyy\AppData\Roaming\DataSafeDotNet.exe
[2009/10/20 21:23:12 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/10/20 21:23:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/10/20 21:23:11 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/10/20 21:23:11 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/10/20 21:23:11 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/10/20 21:23:10 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/10/20 21:23:10 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/10/20 21:23:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/10/20 21:23:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/10/20 21:23:07 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2009/10/20 21:23:07 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/10/03 21:06:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/03 21:06:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/03 21:02:59 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/03 20:46:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/03 20:46:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/03 20:36:34 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{810B29DF-DE99-411F-973A-72D5C48BF4C3}.job
[2011/10/03 20:33:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/02 20:58:22 | 000,000,631 | -H-- | M] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
[2011/10/02 20:56:36 | 000,007,052 | -H-- | M] () -- C:\Users\marina p. babyy\AppData\Local\d3d9caps.dat
[2011/10/02 20:56:18 | 3150,819,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 20:36:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/02 20:36:17 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/02 20:36:16 | 000,000,607 | -H-- | M] () -- C:\Users\marina p. babyy\Desktop\Data Restore.lnk
[2011/10/02 20:36:12 | 000,000,344 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/02 20:35:26 | 000,348,160 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/02 20:28:54 | 000,004,096 | -HS- | M] () -- C:\Users\marina p. babyy\wevtapi.dll
[2011/10/02 20:28:05 | 000,462,336 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
[2011/09/17 14:25:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/12 11:51:27 | 000,030,208 | -H-- | M] () -- C:\Users\marina p. babyy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/02 20:58:22 | 000,000,631 | -H-- | C] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
[2011/10/02 20:36:17 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/02 20:36:16 | 000,000,607 | -H-- | C] () -- C:\Users\marina p. babyy\Desktop\Data Restore.lnk
[2011/10/02 20:36:16 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/02 20:36:12 | 000,000,344 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/02 20:28:54 | 000,004,096 | -HS- | C] () -- C:\Users\marina p. babyy\wevtapi.dll
[2011/06/02 22:27:13 | 000,010,000 | -HS- | C] () -- C:\Users\marina p. babyy\AppData\Local\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b
[2011/06/02 22:27:13 | 000,010,000 | -HS- | C] () -- C:\ProgramData\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b
[2011/03/30 21:23:00 | 000,000,815 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2011/01/15 00:51:49 | 000,000,060 | -H-- | C] () -- C:\Users\marina p. babyy\AppData\Roaming\wklnhst.dat
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/10/24 02:41:01 | 000,007,052 | -H-- | C] () -- C:\Users\marina p. babyy\AppData\Local\d3d9caps.dat
[2009/10/20 21:29:07 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/10/20 21:23:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/10/20 21:23:13 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/10/20 21:23:11 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/10/20 21:23:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/10/20 21:23:09 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/10/20 21:23:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/10/20 21:23:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/10/20 21:23:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/10/20 21:23:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/10/20 21:23:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/10/20 21:23:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/10/20 21:23:06 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/09/16 18:31:07 | 000,030,208 | -H-- | C] () -- C:\Users\marina p. babyy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:12:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/09/11 17:12:51 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/09/11 14:38:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/09/11 14:38:11 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/21 15:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 17:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2007/11/13 14:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 09:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2011/01/15 02:03:55 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\enchant
[2011/02/22 16:22:49 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\PCDr
[2011/04/09 22:17:08 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Template
[2011/01/15 01:59:26 | 000,000,000 | -H-D | M] -- C:\Users\marina p. babyy\AppData\Roaming\WeatherBug
[2011/09/17 14:25:44 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/02 20:54:24 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/03 21:02:59 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/10/03 20:36:34 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{810B29DF-DE99-411F-973A-72D5C48BF4C3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    PRC - [2011/10/02 20:35:26 | 000,348,160 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
    PRC - [2011/10/02 20:28:05 | 000,462,336 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
    O4 - HKCU..\Run: [PbOVsnXuaBESx.exe] C:\ProgramData\PbOVsnXuaBESx.exe (Daniel Pistelli)
    [2011/10/02 20:35:26 | 000,348,160 | -H-- | C] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/02 20:28:54 | 000,163,840 | -H-- | C] (Microsoft Corporation) -- C:\Users\marina p. babyy\taskmgr.exe
    [2011/10/02 20:28:46 | 000,462,336 | -H-- | C] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
    [2009/12/16 06:51:49 | 008,653,312 | -H-- | C] (Dell, Inc. ) -- C:\Users\marina p. babyy\AppData\Roaming\DataSafeDotNet.exe
    [2011/10/02 20:58:22 | 000,000,631 | -H-- | M] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
    [2011/10/02 20:36:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/02 20:36:17 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/02 20:36:16 | 000,000,607 | -H-- | M] () -- C:\Users\marina p. babyy\Desktop\Data Restore.lnk
    [2011/10/02 20:36:12 | 000,000,344 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/02 20:35:26 | 000,348,160 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/02 20:28:54 | 000,004,096 | -HS- | M] () -- C:\Users\marina p. babyy\wevtapi.dll
    [2011/10/02 20:28:05 | 000,462,336 | -H-- | M] (Daniel Pistelli) -- C:\ProgramData\PbOVsnXuaBESx.exe
    [2011/10/02 20:58:22 | 000,000,631 | -H-- | C] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk
    [2011/10/02 20:36:17 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/02 20:36:16 | 000,000,607 | -H-- | C] () -- C:\Users\marina p. babyy\Desktop\Data Restore.lnk
    [2011/10/02 20:36:16 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/02 20:36:12 | 000,000,344 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/02 20:28:54 | 000,004,096 | -HS- | C] () -- C:\Users\marina p. babyy\wevtapi.dll
    [2011/06/02 22:27:13 | 000,010,000 | -HS- | C] () -- C:\Users\marina p. babyy\AppData\Local\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b
    [2011/06/02 22:27:13 | 000,010,000 | -HS- | C] () -- C:\ProgramData\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:





Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#3
jrdriv

jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Ok, so I did the OTL part, but when I did the GMER part is said it could not find anything, and when I saved Gmer.txt it was blank. So, here is the first OTL log...


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
No active process named 6DSS92c31Apgjk.exe was found!
No active process named PbOVsnXuaBESx.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PbOVsnXuaBESx.exe deleted successfully.
C:\ProgramData\PbOVsnXuaBESx.exe moved successfully.
C:\ProgramData\6DSS92c31Apgjk.exe moved successfully.
C:\Users\marina p. babyy\taskmgr.exe moved successfully.
File C:\ProgramData\PbOVsnXuaBESx.exe not found.
C:\Users\marina p. babyy\AppData\Roaming\DataSafeDotNet.exe moved successfully.
C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\Users\marina p. babyy\Desktop\Data Restore.lnk moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
C:\Users\marina p. babyy\wevtapi.dll moved successfully.
File C:\ProgramData\PbOVsnXuaBESx.exe not found.
File C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Restore.lnk not found.
File C:\ProgramData\~6DSS92c31Apgjkr not found.
File C:\Users\marina p. babyy\Desktop\Data Restore.lnk not found.
File C:\ProgramData\~6DSS92c31Apgjk not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
File C:\Users\marina p. babyy\wevtapi.dll not found.
C:\Users\marina p. babyy\AppData\Local\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b moved successfully.
C:\ProgramData\8t2g3aco2ve51wbdu7n1tkm4n1ly80y5b moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\marina p. babyy\Desktop\cmd.bat deleted successfully.
C:\Users\marina p. babyy\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\marina p. babyy\Desktop\cmd.bat deleted successfully.
C:\Users\marina p. babyy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: marina p. babyy
->Flash cache emptied: 161466 bytes

User: Public

User: RA Media Server

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <Push > in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 10062011_231437

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please run this tool:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

#5
jrdriv

jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,

Here is the combo fix log...



ComboFix 11-10-07.04 - marina p. babyy 10/07/2011 21:31:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3004.1483 [GMT -5:00]
Running from: c:\users\marina p. babyy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shop to Win 2\ShOPpingbho.dll
c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll
c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll
c:\programdata\PCDr\5830\Downloads\b3c595f3-948c-4aae-b2a9-7aaa0df99c97.dll
c:\programdata\PCDr\5830\Downloads\b4ec5042-c9eb-4e0d-b56f-68c71eb653bf.dll
c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
c:\users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 02:37 . 2011-10-08 02:37 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-08 02:37 . 2011-10-08 02:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-07 04:19 . 2011-10-07 04:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCDC994-CD4D-4C57-94B9-25F0F226B497}\offreg.dll
2011-10-07 04:14 . 2011-10-07 04:14 -------- d-----w- C:\_OTL
2011-10-06 00:57 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCDC994-CD4D-4C57-94B9-25F0F226B497}\mpengine.dll
2011-10-04 03:02 . 2011-10-04 03:02 -------- d-----w- c:\program files\GetData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 17:11 . 2011-08-04 17:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-11-09 16:21 371320 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-30 1422632]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-19 483428]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
.
c:\users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [2009-02-02 38528]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [2009-02-02 54656]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys [2009-01-05 11520]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [2009-02-02 54528]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [2009-02-02 103424]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [2009-02-02 54656]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [2009-02-02 54656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-19 81920]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-30 112128]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-10-07 212992]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-03-06 133632]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-05-06 274048]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-05-12 21744]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PWLIAPOD
*Deregistered* - pwliapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-10-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{810B29DF-DE99-411F-973A-72D5C48BF4C3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-w3i
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-07 21:37
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-07 21:41:45
ComboFix-quarantined-files.txt 2011-10-08 02:41
.
Pre-Run: 360,955,387,904 bytes free
Post-Run: 361,727,586,304 bytes free
.
- - End Of File - - C7225A0103FB8C2DBE723E994AA4091F
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

How are things currently running?


Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
  • 0

#7
jrdriv

jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,

My laptop is working great. There is no more pop ups of any kind. No more fake antivirus ads, or any critical disk errors. Here is the log...


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7898

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/8/2011 12:44:52 AM
mbam-log-2011-10-08 (00-44-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 324986
Time elapsed: 49 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTL\movedfiles\10062011_231437\c_programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\10062011_231437\c_programdata\pbovsnxuabesx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\marina p. babyy\Desktop\click to find and fix errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please run the following scans:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#9
jrdriv

jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,
Here are the two logs...
ESETScan,

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\_OTL\MovedFiles\10062011_231437\C_Users\marina p. babyy\wevtapi.dll Win32/Agent.STE trojan



Results of screen317's Security Check version 0.99.21
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Out of date Java installed!
Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\_OTL\MovedFiles\10062011_231437\C_Users\marina p. babyy\wevtapi.dll Win32/Agent.STE trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Your computer is currently running with an outdated Service Pack installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.micro.../935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.


NEXT:



No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network.
Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#11
jrdriv

jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello,

My laptop is working great. I believe I updated the widows service pack, but I am not sure. Is there a way I can check to see if I did it correctly? Here are the two OTL logs...


Files\Folders moved on Reboot...
C:\Users\marina p. babyy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AB51U6JM\page__p__2069170__fromsearch__1[1].htm moved successfully.

Registry entries deleted on Reboot...







OTL logfile created on: 10/10/2011 11:07:26 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\marina p. babyy\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.07 Gb Total Space | 336.53 Gb Free Space | 74.61% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.54 Gb Free Space | 58.28% Space Free | Partition Type: NTFS

Computer Name: MARINAPBABYY | User Name: marina p. babyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 19:02:05 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/22 00:22:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/28 16:28:18 | 001,320,288 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/19 11:26:18 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/19 11:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/19 11:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/08 17:01:52 | 000,224,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 00:22:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/19 11:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/19 11:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MARINA~1.BAB\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/25 20:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/06 17:03:00 | 000,274,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2009/03/19 11:26:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/12 11:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2009/02/02 08:44:56 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFVsp.sys -- (ATMFVsp)
DRV - [2009/02/02 08:44:20 | 000,103,424 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFNET.sys -- (ATMFNET)
DRV - [2009/02/02 08:44:00 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFNVsp.sys -- (ATMFNVsp)
DRV - [2009/02/02 08:43:46 | 000,054,656 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFCVsp.sys -- (ATMFCVsp)
DRV - [2009/02/02 08:43:32 | 000,054,528 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFMdm.sys -- (ATMFMdm)
DRV - [2009/02/02 08:43:20 | 000,038,528 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFBUS.sys -- (ATMFBUS)
DRV - [2009/01/05 05:18:16 | 000,011,520 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATMFFLT.sys -- (ATMFFLT)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/16 12:22:02 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/30 08:39:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/30 08:30:40 | 000,204,464 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/07 12:37:36 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/09/15 12:11:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/09/15 12:11:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/09/15 12:10:56 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/09/21 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Mozilla\Extensions
[2009/09/21 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/10/10 21:58:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - Startup: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 0.0.0.0
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\marina p. babyy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 23:03:47 | 000,000,000 | ---D | C] -- C:\Users\marina p. babyy\AppData\Roaming\Avira
[2011/10/10 23:03:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/10/10 23:03:11 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/10 23:03:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/10 23:03:11 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/10/10 23:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/10/10 23:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/10 21:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/10 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/10 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/10 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\marina p. babyy\AppData\Local\Google
[2011/10/10 19:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/10/10 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/08 12:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:49:50 | 000,000,000 | ---D | C] -- C:\Users\marina p. babyy\AppData\Roaming\Malwarebytes
[2011/10/07 23:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/07 23:49:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/07 23:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/07 23:45:49 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\marina p. babyy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/07 21:41:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/07 21:41:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/07 21:30:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/07 21:30:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/07 21:30:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/07 21:29:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/07 21:29:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/07 21:23:22 | 004,248,265 | R--- | C] (Swearware) -- C:\Users\marina p. babyy\Desktop\ComboFix.exe
[2011/10/06 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\marina p. babyy\Desktop\gmer
[2011/10/06 23:14:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/03 22:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/10/03 22:01:43 | 015,265,456 | ---- | C] ({code:GDConstant|CompanyName} ) -- C:\Users\marina p. babyy\Desktop\RecoverMyFiles-Setup.exe
[2011/10/03 21:06:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\marina p. babyy\Desktop\OTL.exe
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/10/20 21:23:12 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/10/20 21:23:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/10/20 21:23:11 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/10/20 21:23:11 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/10/20 21:23:11 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/10/20 21:23:10 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/10/20 21:23:10 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/10/20 21:23:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/10/20 21:23:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/10/20 21:23:07 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2009/10/20 21:23:07 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/10/10 23:03:25 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/10 23:01:07 | 082,885,256 | ---- | M] () -- C:\Users\marina p. babyy\Desktop\avira_free_antivirus_en.exe
[2011/10/10 22:50:01 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{810B29DF-DE99-411F-973A-72D5C48BF4C3}.job
[2011/10/10 22:47:16 | 000,000,945 | ---- | M] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/10 22:46:33 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 22:46:31 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 22:46:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 22:45:49 | 3150,819,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 22:17:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/10 21:58:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/08 17:18:10 | 000,879,382 | ---- | M] () -- C:\Users\marina p. babyy\Desktop\SecurityCheck.exe
[2011/10/08 11:18:13 | 000,031,744 | ---- | M] () -- C:\Users\marina p. babyy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 23:49:43 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/07 23:45:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\marina p. babyy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/07 21:29:43 | 004,248,265 | R--- | M] (Swearware) -- C:\Users\marina p. babyy\Desktop\ComboFix.exe
[2011/10/06 23:39:49 | 000,294,216 | ---- | M] () -- C:\Users\marina p. babyy\Desktop\gmer.zip
[2011/10/03 21:59:24 | 015,265,456 | ---- | M] ({code:GDConstant|CompanyName} ) -- C:\Users\marina p. babyy\Desktop\RecoverMyFiles-Setup.exe
[2011/10/03 21:06:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/03 21:06:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/02 20:56:36 | 000,007,052 | ---- | M] () -- C:\Users\marina p. babyy\AppData\Local\d3d9caps.dat
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/09/17 14:25:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/10/10 23:03:25 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/10 23:01:07 | 082,885,256 | ---- | C] () -- C:\Users\marina p. babyy\Desktop\avira_free_antivirus_en.exe
[2011/10/10 22:47:16 | 000,000,945 | ---- | C] () -- C:\Users\marina p. babyy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/10 22:43:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/08 17:18:07 | 000,879,382 | ---- | C] () -- C:\Users\marina p. babyy\Desktop\SecurityCheck.exe
[2011/10/07 23:49:43 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/07 21:30:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/07 21:30:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/07 21:30:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/07 21:30:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/07 21:30:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/06 23:39:44 | 000,294,216 | ---- | C] () -- C:\Users\marina p. babyy\Desktop\gmer.zip
[2011/03/30 21:23:00 | 000,000,815 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2011/01/15 00:51:49 | 000,000,060 | ---- | C] () -- C:\Users\marina p. babyy\AppData\Roaming\wklnhst.dat
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/10/24 02:41:01 | 000,007,052 | ---- | C] () -- C:\Users\marina p. babyy\AppData\Local\d3d9caps.dat
[2009/10/20 21:29:07 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/10/20 21:23:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/10/20 21:23:13 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/10/20 21:23:11 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/10/20 21:23:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/10/20 21:23:09 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/10/20 21:23:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/10/20 21:23:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/10/20 21:23:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/10/20 21:23:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/10/20 21:23:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/10/20 21:23:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/10/20 21:23:06 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/09/16 18:31:07 | 000,031,744 | ---- | C] () -- C:\Users\marina p. babyy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 17:12:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/09/11 17:12:51 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/09/11 14:38:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/09/11 14:38:11 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/21 15:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 17:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2007/11/13 14:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 09:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2011/01/15 02:03:55 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\enchant
[2011/02/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\PCDr
[2011/04/09 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\Template
[2011/01/15 01:59:26 | 000,000,000 | ---D | M] -- C:\Users\marina p. babyy\AppData\Roaming\WeatherBug
[2011/09/17 14:25:44 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/10 22:44:49 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/10 22:17:13 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/10/10 22:50:01 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{810B29DF-DE99-411F-973A-72D5C48BF4C3}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/12/17 23:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/12/17 23:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/12/17 23:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-11 03:44:01

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

According to your latest OTL log you still seem to be running Service Pack 1.

Can you please attempt to reinstall Service Pack 2?
  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP