Malwarebytes

MBAM will not install

31 replies to this topic

#1
LaughingDog

    New Member

  • Members
  • 16 posts
I am getting the same error messages as shown in post #21. I have followed exactly the instructions in posts 23 and 29. In addition, I have tried using CCleaner's registry cleaner, I have manually cleaned the registry myself, I have disabled all antivirus (Avira premium), and have tried all of the above in safe mode as well. I had one install in which MBAM did not immediately error, but it did as soon as it updated. I have scanned the machine with Avira, Bitdefender, MBAM, AdAware and Spybot. I removed all antivirus and re-installed. Same error on loading MBAM. Only Avira and MBAM are active. All other antivirus and antimalware are passive. I am using Windows XP Professional SP2. Please help.

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please take a look at the following posts and see if they help you to resolve this or not.

Potential Malware infection issues to review to get MBAM running


If that does not help then please run the following.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#3
LaughingDog

    New Member

  • Members
  • 16 posts
Sorry about wrong forum. I was hoping there would be a simple answer like the others. Here are the combofix and hijackthis logs:

ComboFix 09-06-08.03 - not found 06/10/2009 3:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1656 [GMT -7:00]
Running from: C:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 07:29 . 2009-06-10 07:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-10 07:29 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 07:29 . 2009-06-10 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 07:29 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 14:50 . 2009-06-09 14:50 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-09 14:50 . 2009-06-09 14:50 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-09 14:50 . 2009-06-09 14:50 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 14:50 . 2009-06-09 14:50 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-09 14:50 . 2009-06-09 14:50 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-09 14:50 . 2009-06-09 14:50 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-09 14:50 . 2009-06-09 14:50 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-09 14:49 . 2009-06-09 14:49 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-09 14:49 . 2009-06-09 14:49 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-09 14:49 . 2009-06-09 14:49 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-09 14:49 . 2009-06-09 14:49 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-09 14:49 . 2009-06-09 14:49 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-09 14:49 . 2009-06-09 14:49 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-09 14:49 . 2009-06-09 14:49 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-09 14:49 . 2009-06-09 14:49 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-09 14:49 . 2009-06-09 14:49 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-09 14:49 . 2009-06-09 14:49 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-09 14:49 . 2009-06-09 14:49 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-09 14:39 . 2009-06-09 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-09 14:38 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-09 14:38 . 2009-06-09 14:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 14:37 . 2009-06-09 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-09 14:37 . 2009-06-09 14:37 -------- d-----w- c:\program files\Lavasoft
2009-06-09 14:32 . 2009-06-09 14:32 -------- d-----w- c:\documents and settings\not found\Application Data\Avira
2009-06-09 14:28 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-09 14:28 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-09 14:28 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-09 14:27 . 2009-06-09 14:27 -------- d-----w- c:\program files\Avira
2009-06-09 06:06 . 2009-06-09 08:30 -------- d-----w- c:\program files\Panda Security
2009-06-09 05:59 . 2009-06-09 05:59 3020459 ----a-r- C:\ComboFix.exe
2009-06-09 05:24 . 2009-06-09 05:24 -------- d-----w- c:\documents and settings\not found\DoctorWeb
2009-05-30 01:42 . 2009-06-09 03:39 -------- d-----w- c:\program files\GTASACenter
2009-05-30 01:38 . 1998-04-24 07:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-29 23:06 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-29 23:06 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-23 21:20 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 10:22 . 2008-06-30 05:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 10:21 . 2006-10-14 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-10 10:20 . 2009-03-04 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-10 09:03 . 2009-02-10 21:29 -------- d-----w- c:\documents and settings\not found\Application Data\Malwarebytes
2009-06-10 08:58 . 2008-06-30 05:26 -------- d-----w- c:\program files\SpywareBlaster
2009-06-10 07:50 . 2006-10-30 06:23 -------- d-----w- c:\program files\Assorted
2009-06-09 14:33 . 2009-02-10 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-29 23:17 . 2006-10-13 03:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 05:08 . 2006-10-14 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-10 17:44 . 2009-05-10 17:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-10 17:15 . 2007-05-15 23:24 -------- d-----w- c:\program files\DivX
2009-05-10 17:10 . 2009-05-10 17:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-12 07:31 . 2009-04-02 02:53 360 ----a-w- C:\drmHeader.bin
2009-04-02 13:21 . 2009-05-10 17:22 84480 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_13.16.15 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2005-04-30 1267200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"awTray.exe"="c:\program files\Intel\IDU\awtray.exe" [2005-03-11 1910784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-09 518488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PlexTools Professional.lnk - c:\program files\Plextor\PlexTool.exe [2006-6-23 6647808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/9/2009 7:39 AM 64160]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [6/9/2009 7:27 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 7:27 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/9/2009 7:27 AM 434945]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/10/2009 12:29 AM 19096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/10/2009 12:29 AM 194832]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1005904]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.altavista.com/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\ieframe.dll
.
Completion time: 2009-06-10 3:30
ComboFix-quarantined-files.txt 2009-06-10 10:30
ComboFix2.txt 2009-06-10 10:00
ComboFix3.txt 2009-06-09 13:20

Pre-Run: 66,152,726,528 bytes free
Post-Run: 66,140,164,096 bytes free

183

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:48 AM, on 6/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4307 bytes

Thanks.

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
Please disable your Ad-Watch program from Ad-Aware before you continue as it blocks changes made by other programs.
DO NOT continue until you've disabled it.

STEP 02
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::
AtJob::
Driver::
PciCon
File::
d:\pcicon.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:
[image: CFscript.txt being dragged onto the ComboFix.exe icon]
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  • When the scan completes Notepad will open with your results log open. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03
Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
  • Disable your current Anti-Virus
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

STEP 04
Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
Ron Lewis
Manager, Online Support

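As an added example (not ComboFix's, Malwarebytes' or the helper's own code), the Python below triages the Drivers/Services block of the ComboFix log from post #3 and drafts a CFScript in the shape used in STEP 02 above. It surfaces the PciCon entry that the helper targeted: a registered service whose image on d: no longer exists. The line format, the meaning of the R/S prefix and start-type digit, and the "[?]" marker are assumptions inferred from how the log reads; SAMPLE_SERVICES is copied from the posted log.

```python
"""Triage the Drivers/Services block of a ComboFix log and draft a CFScript.

Assumed line shape (inferred from the log posted above):
    <R|S><digit> <name>;<display name>;<image path> [<date> <size>]
R = running, S = stopped; the digit is the Windows service start type
(0 boot, 1 system, 2 auto, 3 manual, 4 disabled); "[?]" in place of the
date/size means ComboFix could not find the image file on disk.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Lines copied from the ComboFix log in post #3 (not a live capture).
SAMPLE_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/9/2009 7:39 AM 64160]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [6/9/2009 7:27 AM 194817]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/10/2009 12:29 AM 19096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/10/2009 12:29 AM 194832]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
SYSTEM_DRIVE = "c:"
DRIVER_DIR = r"c:\windows\system32\drivers"


@dataclass
class ServiceEntry:
    state: str                      # "R" running / "S" stopped
    start: int                      # Windows start type, 0..4
    name: str                       # service key name
    display: str                    # display name
    path: str                       # on-disk image path (after "-->")
    file_found: bool                # False when ComboFix printed "[?]"
    findings: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per line that matches the service shape."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines and other log text
        raw = m.group("path")
        # "\??\d:\pcicon.sys --> d:\PciCon.sys": NT path, then the Win32
        # path ComboFix resolved it to; the checks use the resolved form.
        resolved = raw.split("-->")[-1].strip()
        entries.append(ServiceEntry(
            state=m.group("state"), start=int(m.group("start")),
            name=m.group("name"), display=m.group("display"),
            path=resolved, file_found=m.group("meta").strip() != "?",
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Attach findings and return only the entries that have any.

    These are the checks a helper reading the log makes by eye: a
    registered service whose image is gone, an image loaded from a drive
    other than the system drive, and a boot/system-start driver living
    outside the drivers directory.
    """
    for e in entries:
        p = e.path.lower()
        if not e.file_found:
            e.findings.append("image file missing on disk ([?])")
        if not p.startswith(SYSTEM_DRIVE):
            e.findings.append("image outside the system drive")
        if e.start <= 1 and not p.startswith(DRIVER_DIR):
            e.findings.append("boot/system-start driver outside drivers dir")
    return [e for e in entries if e.findings]


def draft_cfscript(flagged: List[ServiceEntry]) -> str:
    """Draft a CFScript in the shape used in post #4 for flagged entries
    whose image is missing: KILLALL::, then Driver:: with the service
    names, then File:: with the image paths.  ComboFix acts on whatever
    is in this file, so a human reviews the draft before it is used."""
    gone = [e for e in flagged if not e.file_found]
    lines = ["KILLALL::"]
    if gone:
        lines.append("Driver::")
        lines.extend(e.name for e in gone)
        lines.append("File::")
        lines.extend(e.path for e in gone)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(parse_services(SAMPLE_SERVICES))
    for e in hits:
        print(f"{e.state}{e.start} {e.name} -> {e.path}: {'; '.join(e.findings)}")
    print(draft_cfscript(hits), end="")
```

The drafted script matches the one in STEP 02 apart from AtJob:: and the letter case of the file name, which NTFS ignores.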

#5
LaughingDog

    New Member

  • Members
  • 16 posts
Thanks for your help. Here is more info:

Step one - AdAware was already disabled, so I removed it to make sure it wasn't interfering. Disabled Avira, Spybot resident, Winpatrol.

Step two - Downloaded a new copy of Combofix and saved to desktop. Copied code to notepad, saved and dragged to Combofix. Allowed to run and saved log file. Antivirus was disabled.

Step three - Downloaded and ran Eset NOD32, saved log file. Antivirus was disabled.

Step four - Downloaded and ran DDS. Antivirus was disabled.

A couple of notes - The user name is "not found" and the machine name is "error". This was intentional. I hope this has not caused any confusion.

I noticed this in the first Combofix scan:

------- Supplementary Scan -------
.
uStart Page = hxxp://www.altavista.com/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll


and this in the second Combofix scan:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Avira\AntiVir Desktop\avsda.dll

I don't know why it scanned it the first time and deleted it the second, but removing it disables the Avira Mailguard. I uploaded the file to Jotti and it came back clean.

Here are the logfiles:


ComboFix 09-06-09.06 - not found 06/10/2009 4:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1670 [GMT -7:00]
Running from: c:\documents and settings\not found\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\not found\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

FILE ::
"d:\pcicon.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Avira\AntiVir Desktop\avsda.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCICON
-------\Service_PciCon


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 07:29 . 2009-06-10 07:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-10 07:29 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 07:29 . 2009-06-10 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 07:29 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 14:37 . 2009-06-10 11:18 -------- d-----w- c:\program files\Lavasoft
2009-06-09 14:37 . 2009-06-09 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-09 14:32 . 2009-06-09 14:32 -------- d-----w- c:\documents and settings\not found\Application Data\Avira
2009-06-09 14:28 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-09 14:28 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-09 14:28 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-09 14:27 . 2009-06-09 14:27 -------- d-----w- c:\program files\Avira
2009-06-09 05:24 . 2009-06-09 05:24 -------- d-----w- c:\documents and settings\not found\DoctorWeb
2009-05-30 01:38 . 1998-04-24 07:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-29 23:06 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-29 23:06 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-23 21:20 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 11:27 . 2006-10-14 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-10 10:39 . 2008-06-30 05:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 10:37 . 2006-10-30 06:23 -------- d-----w- c:\program files\Assorted
2009-06-10 10:20 . 2009-03-04 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-10 09:03 . 2009-02-10 21:29 -------- d-----w- c:\documents and settings\not found\Application Data\Malwarebytes
2009-06-09 14:33 . 2009-02-10 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-29 23:17 . 2006-10-13 03:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 05:08 . 2006-10-14 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-10 17:44 . 2009-05-10 17:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-10 17:15 . 2007-05-15 23:24 -------- d-----w- c:\program files\DivX
2009-05-10 17:10 . 2009-05-10 17:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-12 07:31 . 2009-04-02 02:53 360 ----a-w- C:\drmHeader.bin
2009-04-02 13:21 . 2009-05-10 17:22 84480 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-10_10.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 11:39 . 2009-06-10 11:39 16384 c:\windows\temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2005-04-30 1267200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"awTray.exe"="c:\program files\Intel\IDU\awtray.exe" [2005-03-11 1910784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PlexTools Professional.lnk - c:\program files\Plextor\PlexTool.exe [2006-6-23 6647808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 7:27 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/9/2009 7:27 AM 434945]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/10/2009 12:29 AM 19096]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [6/9/2009 7:27 AM 194817]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/10/2009 12:29 AM 194832]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.altavista.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 04:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1812)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-06-10 4:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 11:44
ComboFix2.txt 2009-06-10 10:00
ComboFix3.txt 2009-06-09 13:20

Pre-Run: 66,289,106,944 bytes free
Post-Run: 66,277,298,176 bytes free

120





ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=f5ffc1779c673b4394e479b2518ff5d6
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-10 02:33:31
# local_time=2009-06-10 07:33:31 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 37 75 100 172940156250
# scanned=375205
# found=0
# cleaned=0
# scan_time=5494





DDS (Ver_09-05-14.01) - NTFSx86
Run by not found at 7:38:34.03 on Wed 06/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1563 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\not found\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.altavista.com/
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [awTray.exe] "c:\program files\intel\idu\awtray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\plexto~1.lnk - c:\program files\plextor\PlexTool.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-9 11608]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-9 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-9 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-6-9 434945]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-23 55640]
R2 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-10-12 11018]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-10-12 8704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-10 19096]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-6-9 194817]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-10 194832]

=============== Created Last 30 ================

2009-06-10 04:58 <DIR> --d----- c:\program files\ESET
2009-06-10 00:29 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 00:29 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-10 00:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 07:37 <DIR> --d----- c:\program files\Lavasoft
2009-06-09 07:32 <DIR> --d----- c:\docume~1\notfou~1\applic~1\Avira
2009-06-09 07:27 <DIR> --d----- c:\program files\Avira
2009-06-09 06:10 <DIR> a-dshr-- C:\cmdcons
2009-06-09 06:08 161,792 a------- c:\windows\SWREG.exe
2009-06-09 06:08 155,136 a------- c:\windows\PEV.exe
2009-06-09 06:08 98,816 a------- c:\windows\sed.exe
2009-06-08 22:24 <DIR> --d----- c:\documents and settings\not found\DoctorWeb
2009-05-29 18:38 368,912 a------- c:\windows\system32\vbar332.dll
2009-05-29 18:38 152,848 a------- c:\windows\system32\COMDLG32.OCX
2009-05-29 16:06 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-05-29 16:06 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-23 14:20 55,640 a------- c:\windows\system32\drivers\avgntflt.sys

==================== Find3M ====================

2009-04-12 00:31 360 a------- C:\drmHeader.bin
2009-04-02 06:21 84,480 a------- c:\windows\system32\ff_vfw.dll

============= FINISH: 7:38:52.46 ===============



Sorry this took so long, but it took over two hours for the Eset scan to finish. Let me know if I have left anything out.

Attached Files



#6
LaughingDog

    New Member

  • Members
  • 16 posts
By the way - Avira, Spybot, AdAware, Winpatrol and Spywareblaster all run and update. There is nothing blocking them. Just FYI if it matters.

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
The removal of c:\program files\Avira\AntiVir Desktop\avsda.dll may have been a false positive from Combofix. You can restore it.

Notice all the DCOM startup errors in your log. That could very well be the cause why MBAM is having issues. Please try the following tool and see if that corrects the issue.
Please disable all Security tools and disconnect from the Internet before running it. This includes Spybot (appears you have 2 versions installed, should maybe uninstall all and reinstall latest if you want it when we're done) Avira, WinPatrol, etc...


Please visit this link and download the tool from Microsoft and run it: How do I restore security settings to the default settings?




When completed reboot the computer and then follow these directions.


1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwareby.../mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwareby.../mbam-setup.exe

Note: You will need to reactivate the program using the license you were sent

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray
Ron Lewis
Manager, Online Support

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#8
LaughingDog

    New Member

  • Members
  • 16 posts
Thanks again for responding...
The DCOM errors were from a failed external harddrive that has now been removed from the system. The AC adapter was bad. The drive has not been functional for a long while and has not had any files on it, so I don't believe it has contributed to the issue.
You are correct that there were two versions of Spybot. Both have been removed. I only used it as a hosts monitor anyways and Winpatrol does that as well.
I reset the security settings as per your instructions and removed-cleaned-reloaded MBAM. Same effect. If MBAM is installed, but not registered it will load on boot and give a code 2 error. If it is registered, as soon as protection is enabled it will give a code 1073 error. After reboot following code 1073 error the MBAM unexpected termination error displays. If you then try to enable protection again you receive the code 1073 error and the message that protection is already running.
By the way - I tried the remove/clean/reload several times using Ccleaner and Avira's registry cleaner in between and it had no effect. I also tried another r/c/r cycle after restoring the removed Mailguard component. Avira is once again fully functional, but MBAM refuses to run properly. What's next?
Also - what hours are you typically online? I am not always at the computer, but I will make myself available during your hours to cut down on lag time.

#9
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
I'm on at most hours, but many tasks I have to do.

1073 means the service already exists.

For now please do not try to use the Registered version until we can get to the bottom of this. I have to run off for a bit but should be back in a couple hours.
Ron Lewis
Manager, Online Support


#10
LaughingDog

    New Member

  • Members
  • 16 posts
Just one more data point - for what it's worth - when I get the MBAMService unexpected termination message it says to view the event log, but the termination does not show up in the event log. Scans will generate a log, but the failure to load does not. I am refraining from using the program as requested, but remembered this from a previous install.

#11
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
[indent]Click on START - RUN and type in SIGVERIF and click OK
This is a Microsoft File Signature Verification program that will check some file status for us.
  • Click on the START button and let it run.
  • It will popup a box when it's done to show the status, you can close that box.
  • Close the File Signature Verification application.
  • Find and attach the file C:\WINDOWS\SIGVERIF.TXT to your reply.
  • DO NOT post the log directly into your reply, attach the file please.
[/indent]

STEP 02
    Please create a BOOTLOG
  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
     
    If you're already running inside Windows you can enable it the following way.
     
  • Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • NOTE: If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
  • NOTE: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator
  • The tab is called BOOT on Vista. Then choose Boot log

STEP 03
Please try this scanner - if it won't run or crashes then try the one in STEP 04
Please download the following scanning tool. GMER
[indent]
  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double click on random named exe file and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
[/indent]

STEP 04
If the scanner in STEP 03 does not work then try this one.
RootRepeal - Rootkit Detector
[indent]
    Close ALL applications and as many items in the task tray that will stop and exit.
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it more easy to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.
[/indent]
Ron Lewis
Manager, Online Support


#12
LaughingDog

    New Member

  • Members
  • 16 posts
Thanks again for your help and your patience.
I have read your instructions and will be following them, but I have run into some issues on this end. It may be up to 48 hours before I can get back to the forum to post. Please don't see the lack of posting as lack of interest. I will post results as soon as I can.
Thanks.

#13
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Okay, thank you for the follow-up post.
Ron Lewis
Manager, Online Support


#14
LaughingDog

    New Member

  • Members
  • 16 posts
Thanks again for your help and patience.
Let me describe what has happened recently and you can decide if you still want to help me.
Upon finding out I was having a "computer problem", my oldest decided that knowing how to mod games qualified him to troubleshoot software issues. While I was out, this is what was done (as far as I know):
Windows was updated - several updates were downloaded and installed.
Internet Explorer was updated from version 7 to version 8.
Sun Java was loaded so that a Kaspersky scan could be done.
The Kaspersky scanner was downloaded, but was stopped before the definitions file could be downloaded. (I stopped it.)
Also apparently several files of unknown content were removed from the system that were described as "leftover from games and stuff".
I am beginning to suspect that something he downloaded for one of his games may have something to do with whatever issue I am currently having.
There will be no further activity on this computer until the MBAM issue is resolved. I will be the only person using this computer until we are finished. I apologize for this and fully understand if you no longer wish to be involved. If you are still willing to help, here are the files as requested:

Bootlog:

Loaded driver \??\C:\WINDOWS\system32\drivers\rootrepeal.sys
Service Pack 2 6 13 2009 16:59:57.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\SMBios.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\System32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\System32\DRIVERS\e1e5132.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\UBHelper.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\DRIVERS\NTIDrvr.sys
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Loaded driver \SystemRoot\System32\Drivers\pwd_2k.SYS
Loaded driver \SystemRoot\System32\DRIVERS\intelsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\dvd_2K.SYS
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\system32\drivers\sfng32.sys
Did not load driver \SystemRoot\system32\drivers\sfng32.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\cdudf_xp.SYS
Loaded driver \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\Drivers\UDFReadr.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cinemsup.SYS
Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\avipbb.sys
Loaded driver \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\avgntflt.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Did not load driver \SystemRoot\system32\DRIVERS\avgntflt.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\System32\drivers\OsaFsLoc.sys
Loaded driver \??\C:\WINDOWS\System32\drivers\osaio.sys
Loaded driver \??\C:\WINDOWS\System32\drivers\SIODRV.SYS
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS


Rootrepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/13 16:39
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5A6F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB43EE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-2E6822FD.pf
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaffb246

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaffb23c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xbaffb24b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xbaffb255

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xbaffb25a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaffb228

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbaffb22d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xbaffb264

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xbaffb25f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xbaffb250

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaffb237

==EOF==



I tried running the GMER twice. Both times it ran about 6 hours and then the system rebooted and there was no trace it had been running.
I had to zip the sigverif file since it was 728KB unzipped.

Thanks again and if the recent activity disqualifies me I understand. I know it certainly complicates things.

Attached Files
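The RootRepeal report above lists eleven SSDT entries as Hooked by "<unknown>": the tool found the hooks but could not map the handler addresses (all within the single page 0xbaffb000) to a loaded module. A tight cluster of hooks on process, thread and registry functions is the pattern of a kernel-mode behaviour blocker from a security product just as much as of a rootkit, so the log alone is inconclusive; the next step is to compare the hook addresses with the load address and size of every kernel module (from RootRepeal's Drivers section, or from a GMER or driverquery listing) and then check the signature of whichever module owns them. The script below is an added example, not code from the thread or from RootRepeal, that automates that comparison for a RootRepeal-style report. The report layout it assumes is modelled on the one posted above; SAMPLE_REPORT is constructed for the example, reusing two hook addresses from the thread but adding a hypothetical driver (example_hooker.sys) and a hypothetical hook (NtQueryDirectoryFile) so that both an attributed and an unattributed case appear.

```python
# Added example (not from the thread or from RootRepeal): attribute the SSDT
# hooks in a RootRepeal-style report to the loaded driver whose image range
# contains each hook address, and cluster whatever stays unattributed by page.
# Assumed layout, modelled on the report above: a "Drivers" section of "Name:" /
# "Address: 0x... Size: N" records and an "SSDT" section of "#: NNN Function
# Name: X" / 'Status: Hooked by "..." at address 0x...' pairs.
import re
from collections import namedtuple
from dataclasses import dataclass

# Constructed sample: two hook addresses from the thread, plus a hypothetical
# driver (example_hooker.sys) and one hypothetical hook (NtQueryDirectoryFile).
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: example_hooker.sys
Image Path: C:\WINDOWS\system32\drivers\example_hooker.sys
Address: 0xBAFF9000 Size: 16384 File Visible: Yes Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaffb246

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaffb237

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "<unknown>" at address 0xf7a12580

==EOF==
"""

ADDR_RE = re.compile(r"Address:\s*0x([0-9A-Fa-f]+)\s+Size:\s*(\d+)")
FUNC_RE = re.compile(r"#:\s*\d+\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]*)" at address 0x([0-9A-Fa-f]+)')

Hook = namedtuple("Hook", "function hooker address")

@dataclass(frozen=True)
class Driver:
    name: str
    base: int
    size: int

    def contains(self, address):
        return self.base <= address < self.base + self.size

def parse_report(text):
    """Return (drivers, hooks) parsed from a RootRepeal-style report."""
    lines = text.splitlines()
    drivers, hooks, section, name, func = [], [], None, None, None
    for i, raw in enumerate(lines):
        line = raw.strip()
        # A section header is a non-empty line underlined with dashes.
        if line and i + 1 < len(lines) and lines[i + 1].startswith("---"):
            section = line
        elif section == "Drivers":
            if line.startswith("Name:"):
                name = line[len("Name:"):].strip()
            else:
                m = ADDR_RE.search(line)
                if m and name:
                    drivers.append(Driver(name, int(m.group(1), 16), int(m.group(2))))
                    name = None
        elif section == "SSDT":
            m = FUNC_RE.match(line)
            if m:
                func = m.group(1)
            else:
                m = HOOK_RE.search(line)
                if m and func:
                    hooks.append(Hook(func, m.group(1), int(m.group(2), 16)))
                    func = None
    return drivers, hooks

def attribute_hooks(drivers, hooks):
    """Map each hooked function to the driver whose image range holds it, else None."""
    owners = {}
    for h in hooks:
        found = [d.name for d in drivers if d.contains(h.address)]
        owners[h.function] = found[0] if found else None
    return owners

def cluster_unattributed(hooks, owners, page_size=0x1000):
    """Group unattributed hooks by page; hooks that share a page almost always
    come from one module even when no listed driver range explains them."""
    clusters = {}
    for h in hooks:
        if owners[h.function] is None:
            clusters.setdefault(h.address & ~(page_size - 1), []).append(h.function)
    return clusters

if __name__ == "__main__":
    drivers, hooks = parse_report(SAMPLE_REPORT)
    owners = attribute_hooks(drivers, hooks)
    for h in hooks:
        print(f"{h.function:<22} 0x{h.address:08x}  {owners[h.function] or 'UNATTRIBUTED'}")
    for page, funcs in cluster_unattributed(hooks, owners).items():
        print(f"unattributed hooks in page 0x{page:08x}: {', '.join(funcs)}")
```

Run it against a saved RootRepeal report by replacing SAMPLE_REPORT with the file contents. For the report in this thread the Drivers section lists only three modules, none of which covers 0xbaffb000, so every hook would come out unattributed but in one cluster; the load ranges to compare against then have to come from a fuller module listing such as GMER's, and the owning driver's signature is what decides whether the hooks are benign.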



#15
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
No problem. We'll need to get a handle on what is currently installed, etc. The Sigverif file looked good for the most part.

STEP 01
Important!
[indent]All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program OTL.exe to your desktop.
    [indent]
  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.
  • Submit your reply and close the Notepad window with OTList.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the Extras log, or right-click and Paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.[/indent]
[/indent]
[indent]Please allow me time to analyze your post. If you don't see a reply from me after 48 hours, feel free to PM me.[/indent]

STEP 02
Click on START - RUN and copy/paste the contents of the code box below into the run box and hit OK
CMD /C DRIVERQUERY /FO TABLE /SI >C:\DriversSigned.txt
Click on START - RUN and copy/paste the contents of the code box below into the run box and hit OK
CMD /C driverquery.exe /FO TABLE /v>C:\DriversGeneral.txt

Then ATTACH the files C:\DriversSigned.txt and C:\DriversGeneral.txt to your next reply please.

STEP 03
This tool will list all the items in the Add/Remove along with the uninstall strings.
It will save a text file log in C:\AS_XYZ
Download addremove.exe
Please ATTACH the file; DO NOT post it directly into the post.

STEP 04
Please download Lop S&D
Double-click on Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created (%SystemDrive%\lopR.txt), typically C:\lopR.txt

STEP 05
  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download and run this utility.
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, DOWNLOAD but DO NOT install the latest version from here
    Note: If you're using a PAID version of Malwarebytes, you will need to reactivate the program using the license you were sent via e-mail.

Alternate Installer:
  • This is NOT for use by everyone and should ONLY be used by this user, who appears to have a CLEAN system but is still having issues installing MBAM.
  • It should only be run on English Windows XP 32 Bit.
  • If it does work and you can now scan, then please do a Quick Scan. DO NOT check for updates as it will attempt to install the latest version which we don't want yet
[indent]Please download and run this alternative installer making sure you close all other applications as it will restart the computer when it's finished.
Download here: fixmbam.exe

Post back ALL logs and let me know if the Alternate Installer for MBAM was able to install and run.
[/indent]
Ron Lewis
Manager, Online Support
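
Reading an OTL log by hand means scanning hundreds of PRC/SRV/DRV lines for the few that matter. The script below is an added example for this thread, not part of the original post and not a Malwarebytes or OldTimer tool: it parses lines in the format OTL writes, flags processes, services and drivers with no publisher in their version information or running from outside the Windows and Program Files trees, and flags Winlogon notify packages whose DLL is missing. The sample lines are constructed in OTL's format for the example, the default-path assumption (C:\WINDOWS and C:\Program Files, the XP layout) is an assumption, and a blank company field only means the file carries no CompanyName string, which is why the signed-driver listing in STEP 02 is still the real signature check.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format OTL writes (modeled on logs posted in
# this thread); it was not produced by running OTL here.
SAMPLE_LOG = r"""
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/14 03:02:17 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\not found\Desktop\OTL.exe
SRV - [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2003/03/31 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - - File not found
"""

# Assumption: default Windows XP layout. Anything running from elsewhere
# (user profile, temp, root of C:) deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# PRC/SRV/DRV line: [mtime | size | attrs | M] (company) -- path [-- (service [start | state])]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+?) \| M\] \((?P<company>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^\]]+\])\))?$"
)


@dataclass
class Finding:
    path: str    # file the entry points at (or the raw line for O20 hits)
    reason: str


def parse_entry(line):
    """Parse one PRC/SRV/DRV line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # OTL writes 00,011,608
    entry["company"] = entry["company"].strip()            # "()" and "( )" both mean none
    return entry


def triage(log_text):
    """Return the entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            path = entry["path"].lower()
            if not entry["company"]:
                # OTL's company field is the CompanyName version-resource string;
                # blank means no version info, not proof of malware (secdrv.sys,
                # the SafeDisc driver that ships with XP, has none either).
                findings.append(Finding(entry["path"], "no publisher in version info"))
            if not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding(entry["path"], "runs from outside Windows/Program Files"))
        elif line.startswith("O20 - ") and line.endswith("File not found"):
            # Winlogon notify package whose DLL is gone: leftover of a removal,
            # or a hook that was cleaned but never unregistered.
            findings.append(Finding(line, "Winlogon notify DLL missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:42} {f.path}")
```

Run it against a saved OTL.txt by passing the file contents to `triage()`. The hits are prompts to verify, not verdicts: confirm a flagged driver against the DRIVERQUERY /SI output from STEP 02 and the file's own digital signature before deciding it is the thing blocking MBAM.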

#16 LaughingDog (New Member, Members, 16 posts)
Once again - thanks for the help.
Success! I followed all the steps and got a clean, functional, registered version of MBAM. I have not updated it yet per your instructions. I ran the LoPSD twice since I had Avira running during the first scan. The most recent scan is attached. I am going to have to break this up into more than one post, but all the requested logfiles will be sent.

OTL logfile:

OTL logfile created on: 6/14/2009 3:31:33 AM - Run 3
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\not found\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 79.86% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 75.05 Gb Free Space | 32.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERROR
Current User Name: not found
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/29 20:06:50 | 01,267,200 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Program Files\Intel\IDU\iptray.exe
PRC - [2005/03/11 02:35:06 | 01,910,784 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- C:\Program Files\Intel\IDU\awtray.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/06/23 16:17:06 | 06,647,808 | ---- | M] (Plextor SA/NV) -- C:\Program Files\Plextor\PlexTool.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2005/04/26 17:02:56 | 00,622,700 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2005/04/29 20:07:00 | 01,302,016 | ---- | M] (OSA Technologies, Inc.) -- C:\Program Files\Intel\IDU\IDUServ.exe
PRC - [2009/06/11 09:16:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/10/22 20:47:00 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/05/11 10:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2009/05/12 14:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2009/06/14 03:02:17 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\not found\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/11 10:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/05/12 14:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/04/26 17:02:56 | 00,622,700 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005/04/29 20:07:00 | 01,302,016 | ---- | M] (OSA Technologies, Inc.) -- C:\Program Files\Intel\IDU\IDUServ.exe -- (iHCService [Auto | Running])
SRV - [2009/06/11 09:16:31 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/10/07 14:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/10/22 20:47:00 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2008/11/21 14:47:48 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2008/11/21 14:47:48 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2005/07/11 08:53:02 | 00,291,456 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2003/12/19 03:00:00 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2005/07/11 08:43:16 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
DRV - [2005/07/11 08:52:30 | 00,024,320 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2005/09/14 18:24:08 | 00,179,200 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/09/20 09:22:37 | 00,009,344 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Stopped])
DRV - [2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/10/28 10:01:28 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/07/11 08:38:34 | 00,023,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2006/10/12 20:30:31 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2008/10/07 14:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/03/28 12:34:00 | 00,011,018 | R--- | M] (OSA Technologies) -- C:\WINDOWS\System32\drivers\OsaFsLoc.sys -- (OsaFsLoc [Auto | Running])
DRV - [2005/03/04 15:07:00 | 00,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) -- C:\WINDOWS\System32\drivers\osaio.sys -- (osaio [Auto | Running])
DRV - [2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/07/11 08:26:42 | 00,117,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
DRV - [2008/11/21 14:47:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/03/31 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/09/26 15:46:48 | 00,041,728 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2006/10/12 20:28:50 | 00,007,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\SIODRV.SYS -- (SIODRV [Auto | Running])
DRV - [2003/11/03 15:09:00 | 00,036,484 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\SMBios.sys -- (SMBios [On_Demand | Running])
DRV - [2005/03/15 14:34:00 | 00,021,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [On_Demand | Stopped])
DRV - [2005/09/27 11:50:00 | 01,021,832 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
DRV - [2005/07/11 08:39:38 | 00,202,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
IE - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\S-1-5-21-1960408961-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe" (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe" (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe (Plextor SA/NV)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-2000478354-682003330-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1244751187843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1244773962953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - - File not found
O20 - Winlogon\Notify\Schedule: DllName - - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - - File not found
O20 - Winlogon\Notify\SensLogn: DllName - - File not found
O20 - Winlogon\Notify\termsrv: DllName - - File not found
O20 - Winlogon\Notify\wlballoon: DllName - - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/12 20:01:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/14 03:26:51 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/06/14 03:06:12 | 06,321,655 | ---- | C] () -- C:\Documents and Settings\not found\Desktop\fixmbam.exe
[2009/06/14 03:04:05 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\not found\Desktop\LopSD.exe
[2009/06/14 03:03:43 | 00,244,796 | ---- | C] () -- C:\Documents and Settings\not found\Desktop\addremove.exe
[2009/06/14 03:02:16 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\not found\Desktop\OTL.exe
[2009/06/13 16:39:24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\not found\Desktop\settings.dat
[2009/06/13 04:07:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/12 12:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\not found\Local Settings\temp
[2009/06/12 11:21:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/12 11:10:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/12 11:10:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/12 11:10:51 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/12 11:10:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/12 11:10:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/12 11:10:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/12 11:10:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/12 11:10:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/12 10:57:23 | 03,022,300 | R--- | C] () -- C:\Documents and Settings\not found\Desktop\ComboFix.exe
[2009/06/12 05:24:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/11 21:53:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/06/11 21:12:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/11 20:23:40 | 00,458,240 | ---- | C] ( ) -- C:\Documents and Settings\not found\Desktop\RootRepeal.exe
[2009/06/11 20:17:14 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\not found\Desktop\v5vxoqo8.exe
[2009/06/11 20:07:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/06/11 19:17:27 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/11 19:12:42 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2009/06/11 15:12:14 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/06/11 15:12:14 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/06/11 15:12:14 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/06/11 15:12:14 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/06/11 15:12:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/06/11 15:12:14 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/06/11 15:12:13 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/06/11 15:12:13 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/06/11 15:12:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/06/11 14:39:50 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/06/11 14:39:50 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/06/11 14:38:34 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/06/11 14:13:13 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/06/11 13:15:49 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/06/11 09:18:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/06/11 09:16:28 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/06/10 19:15:08 | 03,153,920 | ---- | C] () -- C:\secsetup.sdb
[2009/06/10 04:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/06/09 07:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/09 07:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\not found\Application Data\Avira
[2009/06/09 07:28:11 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/09 07:28:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/06/09 07:28:00 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/06/09 07:28:00 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/06/09 07:27:57 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/06/09 06:10:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/06/09 06:10:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/09 06:10:25 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/09 06:07:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/29 18:38:59 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2009/05/29 18:38:59 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/05/29 16:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/05/29 16:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/05/24 22:08:38 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/23 14:20:32 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/10 10:22:33 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/10 10:22:31 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/10 10:22:30 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/10 10:22:28 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/10 10:22:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/22 03:27:19 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/11/21 14:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 14:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/04/19 17:24:48 | 00,001,026 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2008/04/08 13:00:52 | 00,000,321 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/04/08 13:00:30 | 00,001,317 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/12/02 01:39:28 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2007/10/06 13:55:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/25 00:20:40 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2007/01/25 00:20:40 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2007/01/25 00:20:40 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/01/25 00:14:02 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/29 00:13:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/08 15:38:15 | 00,008,496 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2006/10/12 20:34:09 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/12 20:34:09 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/12 20:34:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/12 20:34:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/12 20:34:09 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/12 20:34:09 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/12 20:30:31 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/10/12 20:24:39 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/03/09 22:38:40 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 22:38:40 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 22:38:40 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 22:38:36 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 22:38:36 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 22:38:36 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/09/08 19:16:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/12/19 03:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/03/31 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/03/31 05:00:00 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/14 03:28:49 | 00,193,743 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/14 03:28:41 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/14 03:28:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\not found\Local Settings\desktop.ini
[2009/06/14 03:28:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/14 03:28:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 03:06:12 | 06,321,655 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\fixmbam.exe
[2009/06/14 03:04:06 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\LopSD.exe
[2009/06/14 03:03:43 | 00,244,796 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\addremove.exe
[2009/06/14 03:02:17 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\not found\Desktop\OTL.exe
[2009/06/13 16:39:24 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\settings.dat
[2009/06/13 16:30:27 | 00,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/13 16:30:27 | 00,000,290 | RHS- | M] () -- C:\boot.ini
[2009/06/13 16:30:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/12 10:57:23 | 03,022,300 | R--- | M] () -- C:\Documents and Settings\not found\Desktop\ComboFix.exe
[2009/06/11 22:02:01 | 00,516,250 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/11 22:02:01 | 00,436,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/11 22:02:01 | 00,070,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/11 21:57:15 | 00,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 20:17:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\v5vxoqo8.exe
[2009/06/11 19:20:52 | 00,000,080 | -HS- | M] () -- C:\Documents and Settings\not found\My Documents\desktop.ini
[2009/06/11 09:49:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/10 19:15:09 | 03,153,920 | ---- | M] () -- C:\secsetup.sdb
[2009/06/10 02:05:26 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\not found\Desktop\CCleaner.lnk
[2009/06/09 07:28:12 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/31 17:39:43 | 00,458,240 | ---- | M] ( ) -- C:\Documents and Settings\not found\Desktop\RootRepeal.exe
[2009/05/28 00:44:58 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/24 22:08:38 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



OTL Extras logfile:

OTL Extras logfile created on: 6/14/2009 3:31:33 AM - Run 3
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\not found\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 79.86% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 75.05 Gb Free Space | 32.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERROR
Current User Name: not found
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = NetscapeMarkup] -- C:\Program Files\Netscape\Navigator\Program\netscape.exe (Netscape Communications Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3872D54E-84A0-4C04-9BDB-684D01840CA6}" = Diskeeper Lite
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{410D4391-66A5-48E4-AD3A-D13E0648C425}" = PlexTools Professional V2.35
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48E4951-D8E9-4FDF-82EF-46FB1C953F3E}" = Intel Audio Studio 2.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.65
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"NetscapeNavigatorV3.01" = Netscape Navigator Gold
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"PlexUtil" = PlexUtilities 1.1.3
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"ST4UNST #1" = Visual Basic 4 Runtime Files
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2009 8:43:20 AM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 12:25:51 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 1:57:07 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 9:34:22 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 9:41:48 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 9:54:36 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/10/2009 10:50:51 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/11/2009 5:24:49 AM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/11/2009 12:49:51 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

Error - 6/11/2009 3:13:54 PM | Computer Name = ERROR | Source = MBAMService | ID = 131073
Description =

[ System Events ]
Error - 6/13/2009 7:28:31 PM | Computer Name = ERROR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/13/2009 7:28:47 PM | Computer Name = ERROR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 6/13/2009 8:00:48 PM | Computer Name = ERROR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/13/2009 8:01:04 PM | Computer Name = ERROR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 6/14/2009 5:06:11 AM | Computer Name = ERROR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/14/2009 5:06:26 AM | Computer Name = ERROR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 6/14/2009 6:15:40 AM | Computer Name = ERROR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/14/2009 6:15:56 AM | Computer Name = ERROR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 6/14/2009 6:29:09 AM | Computer Name = ERROR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 6/14/2009 6:29:22 AM | Computer Name = ERROR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


#17
LaughingDog

    New Member

  • Members
  • Pip
  • 16 posts
Logfiles part 2:

LoPSD logfile:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.20GHz )
BIOS : Default System BIOS
USER : not found ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.30 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:233 Go (Free:75 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 06/14/2009| 3:45 )

--------------------\\ Listing folders in APPLIC~1

[03/05/2009|09:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[03/05/2009|09:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[06/10/2009|12:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[06/12/2009|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> WinPatrol

[05/24/2009|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[06/10/2009|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[02/05/2009|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/19/2008|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/25/2007|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[06/10/2009|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/15/2007|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[10/12/2006|08:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/21/2008|03:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[09/23/2008|01:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> WinPatrol

[10/12/2006|08:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[05/24/2009|10:09] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Adobe
[07/19/2007|02:43] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> AdobeUM
[06/09/2009|07:32] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Avira
[02/20/2009|05:37] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> DivX
[12/06/2006|08:53] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Help
[10/12/2006|08:05] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Identities
[10/28/2006|09:37] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> InterVideo
[01/25/2007|12:15] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Leadertech
[10/27/2006|12:13] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Macromedia
[09/01/2008|12:35] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Media Player Classic
[12/23/2007|11:05] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Microsoft
[10/06/2007|01:52] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Microsoft Web Folders
[01/19/2007|10:42] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> ParetoLogic
[09/01/2008|08:17] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Roxio
[01/25/2007|12:16] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Sonic
[02/05/2007|10:52] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> Sun
[10/25/2006|01:56] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> WinPatrol
[05/25/2008|05:57] C:\DOCUME~1\NOTFOU~1\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[06/14/2009 03:28 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[03/31/2003 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[03/27/2009|12:23] C:\Program Files\<DIR> 7-Zip
[05/25/2009|12:15] C:\Program Files\<DIR> Adobe
[03/28/2009|10:49] C:\Program Files\<DIR> Aria2
[06/11/2009|09:05] C:\Program Files\<DIR> Assorted
[06/09/2009|07:27] C:\Program Files\<DIR> Avira
[02/01/2009|01:00] C:\Program Files\<DIR> Bethesda Softworks
[10/25/2006|01:56] C:\Program Files\<DIR> BillP Studios
[01/01/2009|09:23] C:\Program Files\<DIR> CCleaner
[06/12/2009|12:00] C:\Program Files\<DIR> Common Files
[02/11/2009|12:40] C:\Program Files\<DIR> Dial-a-fix-v0.60.0.24
[05/10/2009|10:15] C:\Program Files\<DIR> DivX
[06/10/2009|04:58] C:\Program Files\<DIR> ESET
[10/12/2006|08:30] C:\Program Files\<DIR> Executive Software
[03/26/2008|01:30] C:\Program Files\<DIR> FLV Player
[02/11/2009|03:23] C:\Program Files\<DIR> gmer
[05/29/2009|04:17] C:\Program Files\<DIR> InstallShield Installation Information
[10/12/2006|08:29] C:\Program Files\<DIR> Intel
[10/12/2006|08:19] C:\Program Files\<DIR> Intel Audio Studio
[06/11/2009|07:20] C:\Program Files\<DIR> Internet Explorer
[12/20/2008|05:59] C:\Program Files\<DIR> InterVideo
[06/11/2009|09:16] C:\Program Files\<DIR> Java
[05/10/2009|10:44] C:\Program Files\<DIR> K-Lite Codec Pack
[06/10/2009|04:18] C:\Program Files\<DIR> Lavasoft
[10/06/2007|01:52] C:\Program Files\<DIR> microsoft frontpage
[10/06/2007|01:52] C:\Program Files\<DIR> Microsoft Office
[10/06/2007|01:54] C:\Program Files\<DIR> Microsoft Visual Studio
[11/15/2007|10:45] C:\Program Files\<DIR> Movie Maker
[01/31/2009|11:24] C:\Program Files\<DIR> MSBuild
[10/12/2006|07:58] C:\Program Files\<DIR> MSN Gaming Zone
[10/12/2006|08:16] C:\Program Files\<DIR> MSXML 4.0
[06/11/2009|09:53] C:\Program Files\<DIR> MSXML 6.0
[11/15/2007|10:43] C:\Program Files\<DIR> NetMeeting
[12/10/2008|10:27] C:\Program Files\<DIR> Netscape
[10/12/2006|08:30] C:\Program Files\<DIR> NewTech Infosystems
[11/15/2007|11:22] C:\Program Files\<DIR> Outlook Express
[12/20/2008|08:23] C:\Program Files\<DIR> Plextor
[01/31/2009|11:21] C:\Program Files\<DIR> Reference Assemblies
[03/26/2008|11:59] C:\Program Files\<DIR> Riva
[01/25/2007|12:07] C:\Program Files\<DIR> Roxio
[10/12/2006|08:18] C:\Program Files\<DIR> SigmaTel
[01/25/2007|12:13] C:\Program Files\<DIR> Sonic
[11/23/2007|12:25] C:\Program Files\<DIR> Trend Micro
[10/12/2006|08:05] C:\Program Files\<DIR> Uninstall Information
[11/15/2007|10:45] C:\Program Files\<DIR> Windows Media Player
[11/15/2007|10:43] C:\Program Files\<DIR> Windows NT
[10/12/2006|07:58] C:\Program Files\<DIR> WindowsUpdate
[05/25/2008|05:55] C:\Program Files\<DIR> WinRAR
[10/12/2006|08:01] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/24/2009|10:08] C:\Program Files\Common Files\<DIR> Adobe
[10/06/2007|01:54] C:\Program Files\Common Files\<DIR> Designer
[05/10/2009|10:10] C:\Program Files\Common Files\<DIR> DivX Shared
[02/24/2007|01:56] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[10/12/2006|08:34] C:\Program Files\Common Files\<DIR> InstallShield
[06/12/2009|12:27] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/12/2006|07:59] C:\Program Files\Common Files\<DIR> MSSoap
[10/12/2006|08:30] C:\Program Files\Common Files\<DIR> NewTech Infosystems
[10/12/2006|12:53] C:\Program Files\Common Files\<DIR> ODBC
[01/25/2007|12:08] C:\Program Files\Common Files\<DIR> Roxio Shared
[10/12/2006|07:59] C:\Program Files\Common Files\<DIR> Services
[01/25/2007|12:13] C:\Program Files\Common Files\<DIR> Sonic Shared
[10/12/2006|12:53] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/08/2007|06:01] C:\Program Files\Common Files\<DIR> SWF Studio
[11/15/2007|11:22] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 03:46:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:2][D:0]-> C:\DOCUME~1\NOTFOU~1\Cookies
[F:2][D:0]-> C:\DOCUME~1\NOTFOU~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 06/14/2009| 3:41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sun 06/14/2009| 3:46 - Option : [1]

--------------------\\ Scan completed at 3:46:31


MBAM logfile:

Malwarebytes' Anti-Malware 1.34
Database version: 1844
Windows 5.1.2600 Service Pack 2

6/14/2009 4:22:18 AM
mbam-log-2009-06-14 (04-22-18).txt

Scan type: Quick Scan
Objects scanned: 67270
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



So far everything looks good. I have rebooted a couple of times with no errors, but have not updated yet. Please let me know if there are further steps I need to complete.

Thanks again.


#18
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Okay, please DISABLE your Avira AV and download this Service Pack 3 for Windows and install it.

Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers

After Service Pack 3 is installed enable your Avira AV and go back to the Windows Update site and get all the Critical Updates. When that's done let me know please.
Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#19
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Please post a status update on this.

Thanks.

#20
LaughingDog

    New Member

  • Members
  • Pip
  • 16 posts
Sorry - I got sidetracked with work today. I will do the update in the next hour or so and will post results.
