
startup infection, rootkit, virus



#1 mickelle (Member, 29 posts)
Hello, I'm posting this OTL.txt file because I believe I have a rootkit or something that keeps coming back and infecting the boot files. I'm not that computer savvy but that's the way I would describe the situation. Basically, the computer will boot and then keep restarting over and over. I use Avira and it seems to find some malware which says 'access denied'. So, I guess it's not allowed to clean it? Anyway, there's the OTL file. Thank you for your help!!! >_<

*Mickelle*

OTL logfile created on: 10/9/2011 6:59:09 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\deedee\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.60% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 20.64 Gb Free Space | 36.93% Space Free | Partition Type: NTFS

Computer Name: OLDSCHOOL | User Name: deedee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\My Documents\OTL.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/10 12:27:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 02:15:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 02:15:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 02:15:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 02:09:08 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/09 23:27:08 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/20 22:26:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/13 12:07:58 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
MOD - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
MOD - [2007/05/02 05:11:56 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/02 05:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/02 05:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/23 15:41:44 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiscw.dll
MOD - [2007/03/15 23:08:12 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
MOD - [2007/03/05 10:45:26 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdidatr.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdicats.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/05/11 18:47:56 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 14:10:06 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 14:09:20 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/05/01 22:42:00 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 22:40:00 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 22:38:00 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 22:37:00 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 84 CE 09 74 8B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 00:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 21:24:31 | 000,000,000 | ---D | M]

[2010/11/23 21:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Extensions
[2011/10/04 20:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions
[2010/11/26 21:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 18:46:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/07/20 00:29:39 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/04/02 02:51:14 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\searchplugins\askcom.xml
[2011/10/05 00:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:30:37 | 000,002,287 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{095FCF27-4AB7-4EB6-8917-B3DF1F7158D1}: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/08 23:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 18:48:48 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deedee\My Documents\OTL.exe
[2011/10/08 11:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/10/07 15:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\New Folder
[2011/10/05 02:41:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deedee\Recent
[2011/10/04 21:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/04 21:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Avira
[2011/10/04 21:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/04 21:27:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/04 21:27:44 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/04 21:27:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/04 21:27:43 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/04 20:33:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\rnwsfksi
[2011/10/03 19:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Help
[2011/09/29 18:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\self pix 2011
[2011/09/28 18:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Local Settings\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/09/28 17:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Montreal Artwork
[2010/09/17 18:42:28 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/09/17 18:42:28 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/09/17 18:42:28 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/09/17 18:42:28 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/09/17 18:42:28 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/09/17 18:42:28 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/09/17 18:42:28 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/09/17 18:42:27 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/09/17 18:42:27 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/09/17 18:42:27 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/09/17 18:42:27 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/09/17 18:42:27 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2010/09/17 18:42:27 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\My Documents\OTL.exe
[2011/10/09 16:48:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/09 16:45:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 16:45:53 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 11:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/05 02:56:39 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/05 00:41:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:26:39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:48:40 | 000,004,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:16 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 00:41:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:25:58 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:45:47 | 000,004,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:56 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/24 19:47:16 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/07 18:40:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/12 07:40:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/25 14:19:39 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 18:46:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/09/17 18:46:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/09/17 18:46:21 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/09/17 18:46:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/09/17 18:46:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/09/17 18:42:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/09/17 18:42:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/08/09 22:16:24 | 000,000,250 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2010/08/09 21:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/09 00:00:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 23:54:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/08 19:46:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/08 19:44:56 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/07 22:16:43 | 000,684,004 | -H-- | C] () -- C:\Documents and Settings\deedee\Application Data\logs.dat
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,432,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,067,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/09 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/10/04 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/20 14:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2011/04/03 01:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2010/11/23 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Lexmark Productivity Studio
[2011/04/05 22:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\PhotoFiltre
[2011/10/09 01:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\uTorrent

========== Purity Check ==========



< End of report >


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there. I can see the problem but I am not sure whether OTL will be strong enough to remove it, but let's give it a try.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.


On completion of the scan click "save log", save it to your desktop and post it in your next reply.

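The two clues the fix above acts on, a kernel driver that OTL reports as Running although its file cannot be found, and a service name that misspells "Microsoft", can be pulled out of an OTL log mechanically. As an added example that is not from this thread or from OTL itself, here is a Python triage helper that parses DRV/SRV lines in the format posted above, flags those clues, and drafts the :OTL section of a fix script in the same shape as Essexboy's; the sample log lines are constructed, and the two-edit "looks like Microsoft" threshold and the Running-without-file rule are my own heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format of the OTL logs posted in this thread: the first
# DRV line is the missing-file driver the moderator's fix targets, the rest are
# benign entries of the same shape plus one O20 Winlogon\Notify line.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
"""

# DRV/SRV entry: either "File not found" or "[timestamp | size | attrs | M] (Company)",
# then "[type | start | state] -- <path> -- (ServiceName)"; the path is empty when
# the file is gone, and some lines carry a display name after the closing ")".
ENTRY_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\))"
    r" \[(?P<state>[^\]]*)\] --\s*(?P<path>.*?)\s*-- \((?P<name>[^)]*)\)"
)


@dataclass
class Finding:
    line: str                 # original OTL line, usable verbatim under :OTL
    kind: str                 # DRV, SRV, O20, ...
    name: str                 # service/driver name, "" for non-DRV/SRV lines
    reasons: List[str] = field(default_factory=list)
    high: bool = False        # worth acting on, not just reviewing


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def spoofed_microsoft_word(text: str) -> Optional[str]:
    """Return a word within two edits of 'microsoft' that is not spelt correctly
    (e.g. 'Micorsoft'), or None. Genuine Microsoft entries pass unflagged."""
    for word in re.findall(r"[A-Za-z]+", text):
        if word.lower() != "microsoft" and edit_distance(word.lower(), "microsoft") <= 2:
            return word
    return None


def triage_otl(text: str) -> List[Finding]:
    """Walk OTL log lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            # Other sections (O4 Run keys, O20 Winlogon\Notify, ...) use their own
            # layouts; a dangling reference there is still worth a look.
            if "File not found" in line:
                findings.append(Finding(line, line.split(" - ", 1)[0], "",
                                        ["autostart entry points at a missing file"]))
            continue
        f = Finding(line, m.group("kind"), m.group("name"))
        company = (m.group("company") or "").strip()
        if m.group("missing"):
            if "Running" in m.group("state"):
                # A running kernel driver or service with no file on disk is the
                # classic footprint of a rootkit hiding its file from the scanner.
                f.reasons.append("reported Running but its file cannot be found")
                f.high = True
            else:
                f.reasons.append("stopped entry whose file is missing (stale, low priority)")
        elif not company:
            f.reasons.append("binary carries no vendor name")
        spoof = spoofed_microsoft_word(m.group("name") + " " + company)
        if spoof:
            f.reasons.append("looks like a misspelling of Microsoft: %r" % spoof)
            f.high = True
        if f.reasons:
            findings.append(f)
    return findings


def otl_fix_block(findings: List[Finding]) -> str:
    """Draft the :OTL section of a fix script from the high-priority findings, in the
    shape the moderator's script above uses; a human reviews it before it is run."""
    return ":OTL\n" + "".join(f.line + "\n" for f in findings if f.high)


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print("[%s] %s (%s): %s" % ("HIGH" if f.high else "review", f.kind, f.name, "; ".join(f.reasons)))
    print(otl_fix_block(triage_otl(SAMPLE_OTL)))
```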

#3 mickelle (Topic Starter, Member, 29 posts)
Hey Essexboy, cheers for the reply!!
OK, so here's the OTL log and the aswMBR:

OTL logfile created on: 10/10/2011 7:13:19 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\deedee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.52% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 19.35 Gb Free Space | 34.62% Space Free | Partition Type: NTFS

Computer Name: OLDSCHOOL | User Name: deedee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/10 12:27:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 02:15:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 02:15:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 02:15:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 02:09:08 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/09 23:27:08 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/20 22:26:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/13 12:07:58 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
MOD - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
MOD - [2007/05/02 05:11:56 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/02 05:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/02 05:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/23 15:41:44 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiscw.dll
MOD - [2007/03/15 23:08:12 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
MOD - [2007/03/05 10:45:26 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdidatr.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdicats.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/05/11 18:47:56 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 14:10:06 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 14:09:20 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/05/01 22:42:00 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 22:40:00 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 22:38:00 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 22:37:00 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 84 CE 09 74 8B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 00:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 21:24:31 | 000,000,000 | ---D | M]

[2010/11/23 21:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Extensions
[2011/10/04 20:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions
[2010/11/26 21:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 18:46:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/07/20 00:29:39 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/04/02 02:51:14 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\searchplugins\askcom.xml
[2011/10/05 00:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:30:37 | 000,002,287 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{095FCF27-4AB7-4EB6-8917-B3DF1F7158D1}: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/08 23:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 19:17:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\deedee\Desktop\aswMBR.exe
[2011/10/10 17:00:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/09 22:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Fash illy
[2011/10/09 20:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Fierce
[2011/10/09 18:48:48 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
[2011/10/08 11:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/10/07 15:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\My Documents\New Folder
[2011/10/05 02:41:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deedee\Recent
[2011/10/04 21:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/04 21:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Avira
[2011/10/04 21:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/04 21:27:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/04 21:27:44 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/04 21:27:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/04 21:27:43 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/04 20:33:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\rnwsfksi
[2011/10/03 19:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Help
[2011/09/29 18:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\self pix 2011
[2011/09/28 18:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Local Settings\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/09/28 17:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Montreal Artwork
[2010/09/17 18:42:28 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/09/17 18:42:28 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/09/17 18:42:28 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/09/17 18:42:28 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/09/17 18:42:28 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/09/17 18:42:28 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/09/17 18:42:28 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/09/17 18:42:27 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/09/17 18:42:27 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/09/17 18:42:27 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/09/17 18:42:27 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/09/17 18:42:27 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2010/09/17 18:42:27 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 19:17:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\deedee\Desktop\aswMBR.exe
[2011/10/10 19:07:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/10 19:05:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 19:05:38 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
[2011/10/08 11:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/05 02:56:39 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/05 00:41:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:26:39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:48:40 | 000,004,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:16 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 00:41:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:25:58 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:45:47 | 000,004,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:56 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/24 19:47:16 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/07 18:40:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/12 07:40:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/25 14:19:39 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 18:46:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/09/17 18:46:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/09/17 18:46:21 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/09/17 18:46:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/09/17 18:46:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/09/17 18:42:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/09/17 18:42:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/08/09 22:16:24 | 000,000,250 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2010/08/09 21:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/09 00:00:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 23:54:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/08 19:46:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/08 19:44:56 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/07 22:16:43 | 000,684,004 | -H-- | C] () -- C:\Documents and Settings\deedee\Application Data\logs.dat
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,432,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,067,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/09 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/10/04 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/20 14:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2011/04/03 01:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2010/11/23 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Lexmark Productivity Studio
[2011/04/05 22:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\PhotoFiltre
[2011/10/10 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\uTorrent

========== Purity Check ==========

< End of report >

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-10 19:33:31
-----------------------------
19:33:31.390 OS Version: Windows 5.1.2600 Service Pack 3
19:33:31.390 Number of processors: 2 586 0x209
19:33:31.390 ComputerName: OLDSCHOOL UserName: deedee
19:33:32.296 Initialize success
19:33:50.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:33:50.718 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD5A Size: 57231MB BusType: 3
19:33:52.750 Disk 0 MBR read successfully
19:33:52.750 Disk 0 MBR scan
19:33:52.750 Disk 0 unknown MBR code
19:33:52.750 Disk 0 scanning sectors +117194175
19:33:52.812 Disk 0 scanning C:\WINDOWS\system32\drivers
19:34:05.937 Service scanning
19:34:07.250 Modules scanning
19:34:13.734 Disk 0 trace - called modules:
19:34:13.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:34:13.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b72ab8]
19:34:13.781 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000079[0x89ba79e8]
19:34:13.781 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b99d98]
19:34:13.781 Scan finished successfully
19:51:51.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\deedee\Desktop\MBR.dat"
19:51:51.593 The log file has been saved successfully to "C:\Documents and Settings\deedee\Desktop\aswMBR.txt"


Thanks!

-Mickelle
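The OTL and aswMBR output above is read by eye in this thread. As an added illustration that is not part of the original thread nor of the OTL or aswMBR tools, the Python script below runs the checks an analyst applies when skimming such a log: service or driver entries whose image is "File not found", names that are one or two characters away from a trusted vendor (the "Micorsoft Windows Service" pattern), random-looking folders directly under Program Files, Ask.com/Babylon search hijacks, and aswMBR's "unknown MBR code". The sample lines are copied from the logs posted in this thread; the trusted-vendor list, the severity levels and the HidServ allow-list are assumptions of the example.

```python
"""Triage helper for OTL / aswMBR log lines (added example, not part of the thread or of either tool).

Flags the indicators an analyst looks for when hunting a persistent boot-level infection:
  * service/driver entries whose image file is missing ("File not found"),
  * vendor or service names that look like typosquats of trusted vendors ("Micorsoft"),
  * random-looking folder names directly under Program Files,
  * browser search/homepage hijacks (Ask.com, Babylon),
  * aswMBR reporting boot code it does not recognise.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


# Assumptions of this example: a short trusted-vendor list and an allow-list of
# services that are normally absent on XP (HidServ is disabled and fileless on many XP boxes).
TRUSTED_VENDORS = ("Microsoft", "Avira", "Realtek", "Broadcom", "Conexant", "NVIDIA")
BENIGN_MISSING = {"HidServ"}
HIJACK_TERMS = ("Ask.com", "Babylon")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are single words, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _looks_random(name: str) -> bool:
    """Heuristic: six or more lowercase letters with very few vowels (e.g. 'rnwsfksi')."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.25


def triage_line(line: str) -> list[Finding]:
    s = line.strip()
    findings: list[Finding] = []

    # 1. Service/driver whose binary is gone: either a leftover registration or a
    #    driver whose file is hidden from user mode, which is what a rootkit does.
    if s.startswith(("SRV -", "DRV -")) and "File not found" in s:
        tail = re.search(r"\(([^()]*)\)\s*$", s)
        svc = tail.group(1) if tail else ""
        if svc in BENIGN_MISSING:
            findings.append(Finding("low", f"missing image for allow-listed service {svc}", s))
        else:
            sev = "high" if s.startswith("DRV") else "medium"
            findings.append(Finding(sev, "service/driver image missing", s))

    # 2. Typosquatted vendor or service names inside any (...) field.
    for group in re.findall(r"\(([^()]*)\)", s):
        for word in re.findall(r"[A-Za-z]{4,}", group):
            for trusted in TRUSTED_VENDORS:
                if 0 < _edit_distance(word, trusted) <= 2:
                    findings.append(Finding("high", f"name '{word}' resembles '{trusted}'", s))

    # 3. Random-looking folder created directly under Program Files.
    folder = re.search(r"C:\\Program Files\\([^\\\s]+)\s*$", s)
    if folder and _looks_random(folder.group(1)):
        findings.append(Finding("medium", "random-looking Program Files folder", s))

    # 4. Browser search/homepage hijack (PUP rather than rootkit, but worth removing).
    if s.startswith(("FF -", "IE -")) and any(t in s for t in HIJACK_TERMS):
        findings.append(Finding("low", "browser search hijack", s))

    # 5. aswMBR could not match the boot code against anything it knows.
    if "unknown MBR code" in s:
        findings.append(Finding("high", "MBR boot code not recognised", s))
    return findings


def triage(log_text: str) -> list[Finding]:
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


# Sample input: lines copied from the OTL and aswMBR logs posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
[2011/10/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\rnwsfksi
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
19:33:52.750 Disk 0 unknown MBR code
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.reason}: {f.line[:70]}")
```

Run against the sample it reports three high findings (the fileless "Micorsoft" driver twice, once for the missing image and once for the typosquat, plus the unrecognised MBR code), one medium (the rnwsfksi folder) and two low (HidServ, Ask.com). The heuristics are deliberately loose; they are meant to order a long log for a human, not to replace the rootkit scanners used later in the thread.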

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Well, either OTL killed it or it has gone into hiding :) Are you still experiencing the problem?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
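The next step requested above is MBRCheck, which compares the disk's boot code with code it knows to be clean; aswMBR had already reported "unknown MBR code" and saved the sector to MBR.dat. As an added example (not the thread's, and not MBRCheck's or aswMBR's own code), the Python below parses a 512-byte MBR image: it validates the 0x55AA signature, reads the disk signature, hashes the 440 bytes of boot code against an analyst-supplied set of known-good hashes, and checks the partition table for the inconsistencies a bootkit can leave (bad status bytes, no or several active partitions, overlapping entries). The boot code bytes, disk signature, partition geometry and the known-good hash set are constructed for the demo; a real run would pass the saved MBR.dat and hashes recorded from a clean machine.

```python
"""Parse and sanity-check a 512-byte MBR image such as the MBR.dat that aswMBR saves.

Added example, not MBRCheck's or aswMBR's own code. The boot code, disk signature,
partition geometry and the known-good hash set below are constructed for the demo.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440       # bytes 0..439 boot code, 440..443 disk signature, 444..445 reserved
PART_TABLE_OFF = 446     # four 16-byte entries
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510      # 0x55 0xAA
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    valid_signature: bool
    disk_signature: int
    bootcode_sha256: str
    bootcode_known: bool
    partitions: list
    warnings: list


def parse_mbr(image: bytes, known_bootcode_hashes: set) -> MbrReport:
    """Validate the signature, hash the boot code, and check the partition table."""
    if len(image) != SECTOR:
        raise ValueError(f"MBR image must be {SECTOR} bytes, got {len(image)}")
    warnings = []
    valid_sig = image[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa"
    if not valid_sig:
        warnings.append("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", image, BOOTCODE_LEN)[0]
    digest = hashlib.sha256(image[:BOOTCODE_LEN]).hexdigest()
    known = digest in known_bootcode_hashes
    if not known:
        warnings.append("boot code does not match any known-good hash")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            PART_FMT, image, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0 and count == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            warnings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    active = sum(p.bootable for p in parts)
    if active != 1:
        warnings.append(f"expected exactly one active partition, found {active}")
    for a in parts:
        for b in parts:
            if (a.index < b.index and a.lba_start < b.lba_start + b.sectors
                    and b.lba_start < a.lba_start + a.sectors):
                warnings.append(f"partitions {a.index} and {b.index} overlap")
    return MbrReport(valid_sig, disk_sig, digest, known, parts, warnings)


def build_mbr(bootcode: bytes, disk_sig: int, layout: list) -> bytes:
    """Construct a synthetic MBR image (test data, not a dump of a real disk)."""
    img = bytearray(SECTOR)
    img[:len(bootcode)] = bootcode[:BOOTCODE_LEN]
    struct.pack_into("<I", img, BOOTCODE_LEN, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(layout[:4]):
        struct.pack_into(PART_FMT, img, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    img[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(img)


# Constructed stand-in for clean boot code and the hash an analyst would have recorded
# from a known-clean machine (real hashes would come from a trusted reference image).
CLEAN_BOOTCODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOTCODE_LEN - 7)
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOTCODE).hexdigest()}
# One active NTFS partition, sized roughly like the 57231 MB disk in the aswMBR log (constructed).
XP_LAYOUT = [(True, 0x07, 63, 117194112)]


def sample_clean() -> bytes:
    return build_mbr(CLEAN_BOOTCODE, 0x1234ABCD, XP_LAYOUT)


def sample_tampered() -> bytes:
    """Same partition table, but the boot code now starts with a jump into foreign code."""
    return build_mbr(b"\xeb\x58" + CLEAN_BOOTCODE[2:], 0x1234ABCD, XP_LAYOUT)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else sample_tampered()
    rep = parse_mbr(data, KNOWN_GOOD)
    print(f"signature ok: {rep.valid_signature}  disk signature: 0x{rep.disk_signature:08x}")
    print(f"boot code sha256: {rep.bootcode_sha256}  known-good: {rep.bootcode_known}")
    for p in rep.partitions:
        print(f"  [{p.index}] {'active' if p.bootable else 'inactive':8} type 0x{p.type_id:02x} "
              f"lba {p.lba_start} sectors {p.sectors}")
    for w in rep.warnings:
        print("WARNING:", w)
```

Run as `python mbr_check.py MBR.dat` it reports on the saved sector; with no argument it checks the tampered sample, whose partition table is intact while the boot code hash no longer matches. That combination (valid signature, sane partition table, unrecognised boot code) is exactly what a bootkit that preserves the original MBR elsewhere looks like, and why a hash comparison rather than a structural check is needed.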

#5
mickelle
    Member
  • Topic Starter
  • Member
  • 29 posts
Hello Essexboy :

Yeah, I think the virus/malware/rootkit came back with a vengeance. But anyway, I managed to get the log files here ...

OTL logfile created on: 11/10/2011 3:32:40 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\deedee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.42% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 19.56 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

Computer Name: OLDSCHOOL | User Name: deedee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/10 12:27:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 02:15:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 02:15:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 02:15:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 02:09:08 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/09 23:27:08 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/20 22:26:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/13 12:07:58 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/15 18:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
MOD - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
MOD - [2007/05/02 05:11:56 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/02 05:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/02 05:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/23 15:41:44 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiscw.dll
MOD - [2007/03/15 23:08:12 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
MOD - [2007/03/05 10:45:26 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdidatr.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdicats.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/05/11 18:47:56 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/29 14:10:06 | 000,274,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/04/29 14:09:20 | 000,292,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/05/01 22:42:00 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 22:40:00 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 22:38:00 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 22:37:00 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 84 CE 09 74 8B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 00:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 21:24:31 | 000,000,000 | ---D | M]

[2010/11/23 21:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Extensions
[2011/10/04 20:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions
[2010/11/26 21:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 18:46:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/07/20 00:29:39 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\extensions\[email protected]
[2011/04/02 02:51:14 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\searchplugins\askcom.xml
[2011/10/05 00:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:30:37 | 000,002,287 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/11 15:08:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{095FCF27-4AB7-4EB6-8917-B3DF1F7158D1}: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\rnwsfksi\atoipncy.exe) -C:\Program Files\rnwsfksi\atoipncy.exe ()
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deedee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/08 23:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 15:27:57 | 000,183,328 | ---- | C] (Vano Freelancer) -- C:\Program Files\setup.exe
[2011/10/10 19:17:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\deedee\Desktop\aswMBR.exe
[2011/10/10 17:00:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/09 22:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Fash illy
[2011/10/09 20:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Fierce
[2011/10/09 18:48:48 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
[2011/10/08 11:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/10/07 15:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\My Documents\New Folder
[2011/10/05 02:41:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\deedee\Recent
[2011/10/04 21:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/04 21:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Avira
[2011/10/04 21:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/04 21:27:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/04 21:27:44 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/04 21:27:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/04 21:27:43 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/04 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/04 20:33:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/04 18:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/10/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\rnwsfksi
[2011/10/03 19:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Help
[2011/09/29 18:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\self pix 2011
[2011/09/28 18:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Local Settings\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2011/09/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/09/28 17:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deedee\Desktop\Montreal Artwork
[2010/09/17 18:42:28 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/09/17 18:42:28 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/09/17 18:42:28 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/09/17 18:42:28 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/09/17 18:42:28 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/09/17 18:42:28 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/09/17 18:42:28 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/09/17 18:42:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/09/17 18:42:27 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/09/17 18:42:27 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/09/17 18:42:27 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/09/17 18:42:27 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/09/17 18:42:27 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2010/09/17 18:42:27 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe

========== Files - Modified Within 30 Days ==========

[2011/10/11 15:28:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/11 15:27:57 | 000,183,328 | ---- | M] (Vano Freelancer) -- C:\Program Files\setup.exe
[2011/10/11 15:27:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/11 15:27:15 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 15:08:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/11 01:02:51 | 000,039,845 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\Michael Christie_frn.rtf
[2011/10/10 23:55:19 | 000,109,902 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\800px-KB_Canadian_Multilingual_Standard_comment-en.svg.png
[2011/10/10 19:51:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\MBR.dat
[2011/10/10 19:17:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\deedee\Desktop\aswMBR.exe
[2011/10/09 18:48:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deedee\Desktop\OTL.exe
[2011/10/08 11:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/05 02:56:39 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/05 00:41:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:26:39 | 082,885,256 | ---- | M] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:48:40 | 000,004,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | M] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:16 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/10/11 00:18:59 | 000,039,845 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\Michael Christie_frn.rtf
[2011/10/10 23:55:19 | 000,109,902 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\800px-KB_Canadian_Multilingual_Standard_comment-en.svg.png
[2011/10/10 19:51:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\MBR.dat
[2011/10/05 00:41:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\deedee\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/05 00:41:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/04 21:28:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/04 21:25:58 | 082,885,256 | ---- | C] () -- C:\Documents and Settings\deedee\My Documents\avira_free_antivirus_en.exe
[2011/10/04 18:45:47 | 000,004,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/09/29 16:21:17 | 000,037,515 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\M2011_eng.rtf
[2011/09/29 14:48:10 | 000,039,176 | ---- | C] () -- C:\Documents and Settings\deedee\Desktop\MC_eng.rtf
[2011/09/24 19:47:56 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/24 19:47:16 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/09/07 18:40:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/12 07:40:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/25 14:19:39 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\deedee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 18:46:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/09/17 18:46:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/09/17 18:46:21 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/09/17 18:46:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/09/17 18:46:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/09/17 18:42:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/09/17 18:42:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/08/09 22:16:24 | 000,000,250 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2010/08/09 21:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/09 00:00:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 23:54:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/08 19:46:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/08 19:44:56 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/07 22:16:43 | 000,684,004 | -H-- | C] () -- C:\Documents and Settings\deedee\Application Data\logs.dat
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,432,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,067,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/09 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/10/04 20:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/20 14:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2011/04/03 01:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/28 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Babylon
[2010/11/23 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\Lexmark Productivity Studio
[2011/04/05 22:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\PhotoFiltre
[2011/10/10 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deedee\Application Data\uTorrent

========== Purity Check ==========



< End of report >


---------------------------------------------------MBRCheck---------------------------------------------

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF74D9000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF798D000 dmload.sys
0xF7494000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF747C000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF745C000 fltmgr.sys
0xF744A000 sr.sys
0xF7433000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7406000 NDIS.sys
0xF787D000 Mup.sys
0xF7667000 agp440.sys
0xF7507000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7D8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9DA6000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9D92000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77B7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9D6E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9D5B000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9D00000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA780000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9CEC000 \SystemRoot\system32\DRIVERS\parport.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xBA7D4000 \SystemRoot\system32\DRIVERS\irenum.sys
0xBA770000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA760000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA750000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9CC9000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9C85000 \SystemRoot\system32\drivers\camchal.sys
0xB9C3D000 \SystemRoot\system32\drivers\camcaud.sys
0xB9C19000 \SystemRoot\system32\drivers\portcls.sys
0xBA740000 \SystemRoot\system32\drivers\drmk.sys
0xB9BF0000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB9AE1000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB9A48000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77E7000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA7C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA6D9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA730000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7C0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9A31000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA720000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA710000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB9980000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA700000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7807000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9900000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA6F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7999000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB985D000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7687000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7697000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA41E000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF773F000 \SystemRoot\System32\drivers\vga.sys
0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7747000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF774F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA407000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB86A2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8649000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB8621000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB85FB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB85D9000 \SystemRoot\System32\drivers\afd.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7757000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB85AE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8516000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76F7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7587000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0xB8429000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7567000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8411000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB98F8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF775F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA054000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3AB000 \SystemRoot\System32\ATMFD.DLL
0xB65CC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6566000 \SystemRoot\system32\DRIVERS\irda.sys
0xB6621000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB631D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB6218000 \SystemRoot\system32\drivers\wdmaud.sys
0xB99C1000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79CF000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB52C9000 \SystemRoot\system32\DRIVERS\srv.sys
0xB53F9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9958000 \SystemRoot\system32\DRIVERS\strmdisp.sys
0xB4D88000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7797000 \??\C:\WINDOWS\TEMP\himpskxl.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
696 C:\WINDOWS\system32\smss.exe
748 C:\WINDOWS\system32\csrss.exe
776 C:\WINDOWS\system32\winlogon.exe
820 C:\WINDOWS\system32\services.exe
856 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\svchost.exe
1256 C:\WINDOWS\system32\svchost.exe
1288 C:\WINDOWS\system32\svchost.exe
1664 C:\WINDOWS\system32\spoolsv.exe
1700 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1760 C:\WINDOWS\system32\svchost.exe
428 C:\WINDOWS\explorer.exe
668 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
676 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
740 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
860 C:\Program Files\iTunes\iTunesHelper.exe
1040 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1428 C:\WINDOWS\system32\ctfmon.exe
1928 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1932 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1960 C:\Program Files\Bonjour\mDNSResponder.exe
1984 C:\WINDOWS\system32\svchost.exe
888 C:\Program Files\Internet Explorer\iexplore.exe
1776 C:\WINDOWS\system32\lxdicoms.exe
1036 C:\WINDOWS\system32\nvsvc32.exe
2144 C:\WINDOWS\system32\svchost.exe
3504 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
604 C:\Program Files\iPod\bin\iPodService.exe
2680 C:\WINDOWS\system32\alg.exe
3904 C:\WINDOWS\system32\wuauclt.exe
2604 C:\Program Files\Mozilla Firefox\firefox.exe
2928 C:\Program Files\Mozilla Firefox\plugin-container.exe
3208 C:\Documents and Settings\deedee\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD5A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E2E0ECF1B7B08B3E65E2D1E12224B6D7B6E87FF8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


-Mickelle

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye I can see it again - OK bigger hammer time I feel. Allow Combofix to install the recovery console

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
mickelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK so here's the combofix log... The comp seemed to reboot properly when combofix restarted it. I guess I'll know soon if the problem is still there. Cheers! :)

ComboFix 11-10-11.03 - deedee 28/10/2011 17:34:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1325 [GMT -4:00]
Running from: c:\documents and settings\deedee\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\deedee\Application Data\Help\ceptr.tll
c:\documents and settings\deedee\Application Data\Help\comm.tll
c:\documents and settings\deedee\Application Data\Help\coredb\storage
c:\documents and settings\deedee\Application Data\logs.dat
c:\documents and settings\deedee\Local Settings\Application Data\buoaqmku.log
c:\documents and settings\deedee\Local Settings\Application Data\wyfaaqtu.log
c:\documents and settings\rob\WINDOWS
c:\program files\Setup.exe
C:\Recycle.Bin
c:\recycle.bin\A9DFBCE0F6AACCC
c:\recycle.bin\B6232F3A324.exe
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-10 21:00 . 2011-10-10 21:00 -------- d-----w- C:\_OTL
2011-10-08 15:59 . 2011-10-08 15:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-05 01:31 . 2011-10-28 20:43 -------- d-----w- c:\windows\system32\NtmsData
2011-10-05 01:28 . 2011-10-05 01:28 -------- d-----w- c:\documents and settings\deedee\Application Data\Avira
2011-10-05 01:27 . 2011-09-18 12:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-05 01:27 . 2011-09-16 03:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-05 01:27 . 2011-09-16 03:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-05 01:27 . 2011-10-05 01:27 -------- d-----w- c:\program files\Avira
2011-10-05 01:27 . 2011-10-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-04 22:30 . 2011-10-05 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-04 22:30 . 2011-10-04 22:30 -------- d-----w- c:\program files\Common Files\iS3
2011-10-03 23:26 . 2011-10-28 21:43 -------- d-----w- c:\program files\rnwsfksi
2011-09-28 22:46 . 2011-09-28 22:46 -------- d-----w- c:\documents and settings\deedee\Local Settings\Application Data\Babylon
2011-09-28 22:46 . 2011-09-28 22:46 -------- d-----w- c:\documents and settings\deedee\Application Data\Babylon
2011-09-28 22:46 . 2011-09-28 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-29 06:53 . 2011-10-05 04:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-12 3067904]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
atoipncy.exe [2011-10-28 79258]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\rnwsfksi\atoipncy.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\rob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04/10/2011 9:27 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/10/2011 9:27 PM 86224]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [17/09/2010 6:46 PM 99248]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
FF - ProfilePath - c:\documents and settings\deedee\Application Data\Mozilla\Firefox\Profiles\ntrh1pz3.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-4Y3Y0C3AWF7XXW5WMAYSKP - c:\recycle.bin\B6232F3A324.exe
Notify-TPSvc - TPSvc.dll
AddRemove-RealFlight2 - D:\CPanel.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxdicoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\setup.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-28 17:53:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 21:53
.
Pre-Run: 20,859,383,808 bytes free
Post-Run: 20,578,107,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 23B5DE8038098D0EE6D65AC1D22763A3

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, we now need to repair your safe boot options. I will follow that with a sweep for orphans. Once you have completed this, can you let me know of any remaining problems?

Download the attached zip file to your desktop and extract the reg file.
Right click the reg file and select Merge.
Accept the warnings and you are done :)
[attachment=52924:SafeBoot-for-Windows-XP-SP3.zip]

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
mickelle
    Member
  • Topic Starter
  • Member
  • 29 posts
OK, thanks, I did what you asked... I was just wondering why Avira keeps on finding infections on the reboot. Is it possible that it finds different ones than MBAM? Thanks.

Mickelle

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7933

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2011 11:28:11 PM
mbam-log-2011-10-12 (23-28-11).txt

Scan type: Quick scan
Objects scanned: 171065
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.

Files Infected:
c:\WINDOWS\temp\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\recycle.bin\b6232f3a324.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\a9dfbce0f6aaccc (Trojan.Spyeyes) -> Quarantined and deleted successfully.

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you post what Avira is finding please, i.e. file name and location?

I would like one further run with combofix. When combofix runs it will ask to update; allow it to do so.

So next run combofix and post the resultant log plus the findings from Avira :)

#11
mickelle
    Member
  • Topic Starter
  • Member
  • 29 posts
Hey, how are ya? OK, so this file kept coming up quite a bit: c:/program files/rnwsfksi/atoipncy.exe, but apparently it can't be fixed.
It also attacks the system folder a lot.

AVIRA :::

Avira Free Antivirus
Report file date: October 13, 2011 19:23

Scanning for 3384742 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : deedee
Computer name : OLDSCHOOL

Version information:
BUILD.DAT : 12.0.0.851 41826 Bytes 10/5/2011 21:41:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 9/23/2011 22:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 17:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 9/23/2011 16:55:16
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 9/23/2011 16:02:36
AVREG.DLL : 12.1.0.20 227024 Bytes 9/23/2011 15:54:30
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 18:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 13:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 19:40:12
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 19:40:12
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 19:40:12
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 19:40:12
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 19:40:12
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 19:40:13
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 19:40:14
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 14:52:41
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 19:46:24
VBASE016.VDF : 7.11.15.214 2048 Bytes 10/11/2011 19:46:24
VBASE017.VDF : 7.11.15.215 2048 Bytes 10/11/2011 19:46:24
VBASE018.VDF : 7.11.15.216 2048 Bytes 10/11/2011 19:46:25
VBASE019.VDF : 7.11.15.217 2048 Bytes 10/11/2011 19:46:25
VBASE020.VDF : 7.11.15.218 2048 Bytes 10/11/2011 19:46:25
VBASE021.VDF : 7.11.15.219 2048 Bytes 10/11/2011 19:46:25
VBASE022.VDF : 7.11.15.220 2048 Bytes 10/11/2011 19:46:25
VBASE023.VDF : 7.11.15.221 2048 Bytes 10/11/2011 19:46:25
VBASE024.VDF : 7.11.15.222 2048 Bytes 10/11/2011 19:46:25
VBASE025.VDF : 7.11.15.223 2048 Bytes 10/11/2011 19:46:26
VBASE026.VDF : 7.11.15.224 2048 Bytes 10/11/2011 19:46:26
VBASE027.VDF : 7.11.15.225 2048 Bytes 10/11/2011 19:46:26
VBASE028.VDF : 7.11.15.226 2048 Bytes 10/11/2011 19:46:26
VBASE029.VDF : 7.11.15.227 2048 Bytes 10/11/2011 19:46:26
VBASE030.VDF : 7.11.15.228 2048 Bytes 10/11/2011 19:46:26
VBASE031.VDF : 7.11.15.232 21504 Bytes 10/11/2011 19:46:27
Engineversion : 8.2.6.80
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/2/2011 03:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 10/5/2011 01:29:24
AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 03:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 9/2/2011 03:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 03:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 9/22/2011 20:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 9/16/2011 05:17:25
AEHEUR.DLL : 8.1.2.177 3744120 Bytes 10/7/2011 19:40:32
AEHELP.DLL : 8.1.17.7 254327 Bytes 9/2/2011 03:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 9/2/2011 03:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 03:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 9/2/2011 03:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 03:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 9/23/2011 16:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 9/23/2011 15:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 9/23/2011 15:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 9/23/2011 15:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 9/23/2011 15:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 9/16/2011 06:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 9/23/2011 16:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 9/23/2011 16:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 9/23/2011 17:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 9/23/2011 17:37:24

Configuration settings for the scan:
Jobname.............................: BootSectorTest
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\4dd0424d.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: October 13, 2011 19:23

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'x86.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'lxdicoms.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'lxdiamon.exe' - '1' Module(s) have been scanned
Scan process 'lxdimon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\rnwsfksi\atoipncy.exe
[DETECTION] Is the TR/Drop.Agent.iop.1 Trojan
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\atoipncy.exe
[DETECTION] Is the TR/Drop.Agent.iop.1 Trojan

The registry was scanned ( '2568' files ).


Beginning disinfection:
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\atoipncy.exe
[DETECTION] Is the TR/Drop.Agent.iop.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b24df63.qua'.
The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> could not be repaired.
C:\Program Files\rnwsfksi\atoipncy.exe
[DETECTION] Is the TR/Drop.Agent.iop.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '53b3f0c5.qua'.
[WARNING] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> could not be repaired.
[NOTE] For the final repair, a restart of the computer is instigated.


MBAM ::::

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7933

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2011 11:28:11 PM
mbam-log-2011-10-12 (23-28-11).txt

Scan type: Quick scan
Objects scanned: 171065
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.

Files Infected:
c:\WINDOWS\temp\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\recycle.bin\b6232f3a324.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\a9dfbce0f6aaccc (Trojan.Spyeyes) -> Quarantined and deleted successfully.
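
As an added illustration, not code from this thread or from ComboFix, Avira or MBAM: the Winlogon Userinit value in the ComboFix log above chains atoipncy.exe after the real userinit.exe, and the Avira log shows the file being quarantined while the Userinit entry "could not be repaired", which is consistent with the detections returning after each reboot. The script below parses constructed lines laid out like that log's "Reg Loading Points" section (the paths are the ones the log reports) and flags the extra Userinit entry, the Default User Startup item and the Run entry pointing into the fake c:\recycle.bin folder.

```python
import re

# Constructed sample laid out like the "Reg Loading Points" section of the
# ComboFix log in this thread; the paths are the ones that log reports.
# This is not ComboFix's own output and the checks are not ComboFix's logic.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
atoipncy.exe [2011-10-28 79258]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\rnwsfksi\atoipncy.exe"
.
HKCU-Run-4Y3Y0C3AWF7XXW5WMAYSKP - c:\recycle.bin\B6232F3A324.exe
"""

# The only program Winlogon should start through Userinit on a stock XP install.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Autostart targets under these folders are never legitimate: the real XP recycle
# bin on NTFS is C:\RECYCLER, and Default User is only the template for new profiles.
SUSPICIOUS_DIRS = ("c:\\recycle.bin\\", "c:\\documents and settings\\default user\\")

STARTUP_SUFFIX = "\\start menu\\programs\\startup\\"
# A drive-letter path up to a closing quote, the " [date size]" suffix or end of line.
WIN_PATH = re.compile(r'[a-z]:\\[^"\[\]]+?(?="| \[|$)', re.I)


def userinit_extras(value):
    """Entries in a Userinit value other than the stock userinit.exe.

    Winlogon launches every comma-separated entry at each logon, so an extra
    entry re-runs its target until the value itself is corrected; quarantining
    the file alone does not end the detections. Empty entries (the ',,' seen
    in the log) are ignored."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def scan_reg_loading_points(log_text):
    """Return (rule, path) findings for the persistence patterns in the log."""
    findings = []
    startup_dir = None  # folder of the Startup listing currently being read
    for line in log_text.splitlines():
        line = line.strip()
        if line in ("", "."):  # the log separates blocks with a lone '.'
            startup_dir = None
            continue
        m = re.match(r'^"Userinit"="(.*)"$', line, re.I)
        if m:
            findings += [("userinit-hijack", e) for e in userinit_extras(m.group(1))]
            continue
        if line.lower().endswith(STARTUP_SUFFIX):
            startup_dir = line
            continue
        if startup_dir:  # "name.exe [date size]" lines under a Startup folder
            paths = [startup_dir + line.split(" [")[0]]
        else:
            paths = WIN_PATH.findall(line)
        for p in paths:
            if p.lower().startswith(SUSPICIOUS_DIRS):
                findings.append(("suspicious-autostart-dir", p))
    return findings


if __name__ == "__main__":
    for rule, path in scan_reg_loading_points(SAMPLE_LOG):
        print(f"{rule}: {path}")
```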

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
If combofix does not get it I will fix it manually, so after combofix has completed could you run a fresh OTL scan please?

#13
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.