
Trojan Backdoor / Downloader.cracks



#16
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Open OTL again and, in the Custom Scans/Fixes box, paste the following:

C:\Windows\Temp\*.*

Then click the Quick Scan button.

Post the log it produces.


#17
EQ!!!

    Member

  • Topic Starter
  • 14 posts
OTL log (and extras log):

OTL logfile created on: 11/1/2010 5:24:44 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4069 4069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 58.67 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: SLOCKHART | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 17:22:14 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/15 16:55:26 | 000,335,872 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\PccNTMon.exe
PRC - [2005/03/15 16:53:10 | 000,229,456 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\OfcPfwSvc.exe
PRC - [2005/03/15 16:46:20 | 000,487,424 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\ntrtscan.exe
PRC - [2005/03/15 16:46:10 | 000,589,912 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\tmlisten.exe
PRC - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) -- C:\PowerPanel\upssrv.exe
PRC - [2003/04/30 10:04:00 | 000,114,688 | ---- | M] (Cyber Power System Inc.) -- C:\PowerPanel\upsio.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 17:22:14 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/03/15 16:53:10 | 000,229,456 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\OfficeScan NT\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2005/03/15 16:46:20 | 000,487,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\OfficeScan NT\ntrtscan.exe -- (ntrtscan)
SRV - [2005/03/15 16:46:10 | 000,589,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\OfficeScan NT\tmlisten.exe -- (tmlisten)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Auto | Running] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2007/06/28 23:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/09 20:34:34 | 000,190,480 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\tmxpflt.sys -- (TmFilter)
DRV - [2005/11/09 20:34:32 | 000,031,248 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\tmpreflt.sys -- (TmPreFilter)
DRV - [2005/11/09 20:07:30 | 001,022,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\vsapint.sys -- (VSApiNt)
DRV - [2004/01/10 02:17:02 | 000,601,100 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 02:54:14 | 000,391,424 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/14 15:10:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [1999/03/08 07:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/06/05 18:59:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 08:27:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/25 22:41:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kaspersky.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sagitta-online.com ([wp3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sagitta-online.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thehartford.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aiu.webex.co...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/16 06:02:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 17:22:00 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/29 18:58:59 | 082,131,600 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\SETUP_9.0.0.722_30.10.2010_02-06.EXE
[2010/10/29 00:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/28 11:20:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/27 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\JavaRa
[2010/10/27 11:47:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/13 21:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2010/10/13 21:52:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/13 21:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/13 21:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/13 21:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/13 21:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/07 20:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 17:22:14 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/01 10:53:28 | 098,152,969 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/01 10:48:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/01 10:46:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/01 10:46:16 | 2129,444,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 20:39:45 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2010/10/29 18:59:04 | 082,131,600 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\SETUP_9.0.0.722_30.10.2010_02-06.EXE
[2010/10/29 18:52:49 | 000,013,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Save these instructions so you can have access to them while in Safe Mode.docx
[2010/10/29 18:51:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/10/29 11:08:33 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/28 11:02:12 | 000,012,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GeeksToGo - ESET Online Scanner instructions.docx
[2010/10/27 21:52:20 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2010/10/27 17:24:33 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2010/10/27 13:43:50 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MARKETS.xls
[2010/10/27 12:01:13 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 11:55:45 | 000,027,447 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GeeksToGo - Malware Bites.docx
[2010/10/27 11:47:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/10/27 11:43:12 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/26 18:32:45 | 000,275,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Expiration List.xls
[2010/10/26 12:23:54 | 000,097,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Disable.docx
[2010/10/26 12:08:18 | 003,886,890 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFixCALEUOWT.exe
[2010/10/25 11:02:15 | 000,035,614 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trojan Backdoor GeeksToGo fix.docx
[2010/10/14 11:33:29 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 23:59:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 12:17:19 | 000,188,864 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/10/07 20:14:56 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/05 14:59:18 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\P & S.xls
[2010/10/04 16:23:00 | 000,009,222 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Stem Innov. Prem.xlsx
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 10:53:28 | 098,152,969 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/31 20:39:44 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2010/10/29 22:46:19 | 2129,444,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/29 18:52:49 | 000,013,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Save these instructions so you can have access to them while in Safe Mode.docx
[2010/10/28 11:02:12 | 000,012,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GeeksToGo - ESET Online Scanner instructions.docx
[2010/10/27 21:52:19 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2010/10/27 11:55:44 | 000,027,447 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GeeksToGo - Malware Bites.docx
[2010/10/26 12:19:03 | 000,097,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Disable.docx
[2010/10/26 12:08:08 | 003,886,890 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFixCALEUOWT.exe
[2010/10/25 11:02:14 | 000,035,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trojan Backdoor GeeksToGo fix.docx
[2010/10/13 21:51:51 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/12 12:07:54 | 000,188,864 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/10/12 12:07:54 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/10/12 11:41:26 | 000,011,667 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hold Harmless.pdf
[2010/10/12 11:00:33 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/10/07 20:14:56 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/04 15:34:11 | 000,009,222 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Stem Innov. Prem.xlsx
[2010/10/04 15:31:51 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2010/08/25 16:21:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\PRORATA.INI
[2010/07/30 16:18:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 13:08:42 | 000,000,892 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/06/18 12:38:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/06/18 10:16:26 | 000,000,608 | ---- | C] () -- C:\WINDOWS\KM4030NS.INI
[2008/06/17 16:53:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/07/28 12:30:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/07/28 12:30:07 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/28 12:30:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/28 23:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 23:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 23:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 23:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/07 10:01:15 | 000,002,727 | ---- | C] () -- C:\WINDOWS\nsflist.ini
[2007/04/23 15:40:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\AddrEdit.ini
[2007/04/23 15:26:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/04/23 15:26:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/04/23 15:26:19 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/04/23 15:26:18 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/04/23 15:26:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/11/30 10:36:51 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/05/19 10:21:13 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/19 10:21:13 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/13 18:41:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/02/13 18:24:35 | 000,037,497 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/02/13 15:54:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/01/05 12:21:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/27 13:55:30 | 000,001,623 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/02/22 17:13:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2005/02/22 17:09:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Trm.dll
[2005/02/22 17:05:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2005/02/22 17:04:03 | 000,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005/02/22 17:04:03 | 000,050,364 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005/02/22 16:14:57 | 000,003,772 | ---- | C] () -- C:\WINDOWS\SFS.INI
[2005/02/22 15:55:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2005/02/22 15:34:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/02/22 15:13:00 | 000,000,623 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/22 15:04:56 | 000,007,234 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2005/02/17 01:14:44 | 000,004,488 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/16 06:12:27 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 06:11:42 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/04 07:00:00 | 000,027,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\fdc.sys
[2001/10/19 13:24:06 | 000,056,202 | ---- | C] () -- C:\WINDOWS\OFCSCAN.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/03/09 19:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/13 07:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 19:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/02/01 19:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997/02/01 19:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996/07/08 19:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1994/07/24 19:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/06 19:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2010/10/13 21:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2009/03/11 18:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FM Global
[2007/01/22 16:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2010/01/31 13:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2006/02/13 15:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2010/10/21 10:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/13 21:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/13 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/13 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/10/13 21:52:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/13 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\Temp\*.* >
[2010/11/01 12:27:03 | 000,003,692 | ---- | M] () -- C:\WINDOWS\temp\hppldcoi.log
[2010/11/01 17:22:23 | 000,805,273 | ---- | M] () -- C:\WINDOWS\temp\hpqddsvc.log
[2010/10/27 11:35:10 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC000.log
[2010/10/27 14:21:44 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC001.log
[2010/10/27 17:39:09 | 000,000,919 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC002.log
[2010/10/27 17:39:43 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC003.log
[2010/10/28 10:50:21 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC004.log
[2010/10/29 09:38:55 | 000,001,380 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC005.log
[2010/10/29 11:10:18 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC006.log
[2010/10/29 22:48:22 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC007.log
[2010/10/30 11:15:35 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC008.log
[2010/10/30 11:15:36 | 000,000,951 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC009.log
[2010/11/01 12:27:07 | 000,001,381 | ---- | M] () -- C:\WINDOWS\temp\HPSLPdSVC010.log
[2010/10/27 11:33:48 | 000,003,011 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0000.log
[2010/10/27 14:19:44 | 000,004,160 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0001.log
[2010/10/28 10:48:54 | 000,003,140 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0002.log
[2010/10/29 09:37:32 | 000,003,011 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0003.log
[2010/10/29 11:08:58 | 000,003,011 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0004.log
[2010/10/29 22:46:45 | 000,003,011 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0005.log
[2010/10/30 11:14:26 | 000,003,011 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0006.log
[2010/11/01 10:46:43 | 000,002,737 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0007.log
[2010/10/26 11:46:23 | 000,003,141 | ---- | M] () -- C:\WINDOWS\temp\HPSLPSVC0099.log
[2010/11/01 10:46:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\temp\Perflib_Perfdata_7d8.dat
[2010/11/01 10:48:10 | 000,000,483 | ---- | M] () -- C:\WINDOWS\temp\WGAErrLog.txt

< End of report >

OTL Extras logfile created on: 11/1/2010 5:24:44 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4069 4069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 58.67 Gb Free Space | 78.72% Space Free | Partition Type: NTFS

Computer Name: SLOCKHART | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1A49557E-F715-4D1E-9A95-F2B521E61EFC}" = Best's Key Rating Guide - P/C, US & Canada, Version 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CA61E2D8-A0FF-4dc9-926E-BABA6FEDAEE3}" = 8500A909n
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"Belarc Advisor 2.0" = Belarc Advisor 6.1
"Cisco Connect" = Cisco Connect
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CyberPower PowerPanel" = PowerPanel
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FACSys Desktop Client" = FACSys Desktop Client
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDCardGenerate" = IDCardGenerate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeScanNT" = Trend Micro OfficeScan Client
"Pdf995" = Pdf995
"PROSet" = Intel® PRO Network Adapters and Drivers
"Sundial PC TimeClock Lite" = Sundial PC TimeClock Lite
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2010 2:10:08 PM | Computer Name = SLOCKHART | Source = Microsoft Office 12 | ID = 5000
Description = EventType office12setup, P1 {90120000-0030-0000-0000-0000000ff1ce},
P2 12.0.4518.1014, P3 publishproduct, P4 1603, P5 0x1712, P6 error 1712.one or
more of the files required to restore your computer to its previous state could
not be found. , P7 x, P8 NIL, P9 NIL, P10 NIL.

Error - 9/4/2010 11:49:40 AM | Computer Name = SLOCKHART | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/4/2010 11:49:44 AM | Computer Name = SLOCKHART | Source = Application Hang | ID = 1001
Description = Fault bucket 1987266601.

Error - 9/24/2010 4:50:16 PM | Computer Name = SLOCKHART | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17080, faulting
module mshtml.dll, version 7.0.6000.17080, fault address 0x0017cd90.

Error - 9/25/2010 4:34:58 PM | Computer Name = SLOCKHART | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2010 4:35:01 PM | Computer Name = SLOCKHART | Source = Application Hang | ID = 1001
Description = Fault bucket 1987266601.

Error - 10/17/2010 2:49:18 PM | Computer Name = SLOCKHART | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 10/19/2010 11:30:42 AM | Computer Name = SLOCKHART | Source = Application Error | ID = 1000
Description = Faulting application YCE3F7.EXE, version 0.0.0.0, faulting module
YCE3F7.EXE, version 0.0.0.0, fault address 0x0000dc84.

Error - 10/19/2010 11:37:44 AM | Computer Name = SLOCKHART | Source = Application Error | ID = 1000
Description = Faulting application HO2018.EXE, version 0.0.0.0, faulting module
HO2018.EXE, version 0.0.0.0, fault address 0x0000dc84.

Error - 10/19/2010 11:42:27 AM | Computer Name = SLOCKHART | Source = Application Error | ID = 1001
Description = Fault bucket 2069566999.

[ System Events ]
Error - 10/29/2010 8:05:24 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/29/2010 8:07:11 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/29/2010 11:34:51 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/29/2010 11:34:53 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/29/2010 11:34:54 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/29/2010 11:43:43 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/29/2010 11:45:01 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/29/2010 11:45:01 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/29/2010 11:45:08 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/29/2010 11:45:21 PM | Computer Name = SLOCKHART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
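A quick triage pass over an Extras log like the one above, as an added example (my own code, not OTL's and not anything posted in this thread): it parses OTL's bracketed-key / quoted-value layout and flags the settings a malware helper would want to check first. On the values posted here it reports the Windows Firewall disabled on both the Domain and Standard profiles (EnableFirewall = 0) and Security Center's FirewallOverride = 1, which tells Security Center not to warn about that, plus one firewall exception (D:\setup\hpznui01.exe) for a binary that no longer exists. Whether a third-party product is supplying a firewall instead (the Uninstall list shows a Trend Micro OfficeScan Client, which may or may not have its firewall component enabled) is something to confirm with the user rather than assume. SAMPLE_LOG is a constructed excerpt carrying those values, not the full log.

```python
"""Triage an OTL 'Extras' log for weak host-security settings.

Added example for this thread; it is not part of OTL and not code from
the thread. It parses the  [HKEY_...]  /  "name" = value  layout that
OTL uses and flags:
  * Windows Firewall disabled on a profile (EnableFirewall = 0)
  * Security Center overrides that silence firewall/antivirus warnings
  * firewall exceptions whose binary OTL reports as 'File not found'
SAMPLE_LOG is a constructed excerpt in the same layout as the Extras
log posted above (values copied from it, sections abbreviated).
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: data}} from OTL's Extras layout."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            result[current][value.group(1)] = value.group(2).strip()
    return result


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means nothing flagged."""
    findings: List[Tuple[str, str]] = []
    for key, values in parse_otl_registry(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if key.endswith("\\Microsoft\\Security Center"):
            if values.get("FirewallOverride") == "1":
                findings.append(("MEDIUM", "Security Center FirewallOverride=1: it will not warn that no firewall is on"))
            if values.get("AntiVirusOverride") == "1":
                findings.append(("MEDIUM", "Security Center AntiVirusOverride=1: it will not warn about missing/outdated AV"))
        elif key.endswith("\\FirewallPolicy\\" + leaf) and leaf in ("DomainProfile", "StandardProfile"):
            if values.get("EnableFirewall") == "0":
                findings.append(("HIGH", f"Windows Firewall disabled for {leaf}"))
        elif key.endswith("\\AuthorizedApplications\\List"):
            for name, data in values.items():
                if data.endswith("File not found"):
                    findings.append(("LOW", f"Firewall exception for a binary that no longer exists: {name}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Feed it the whole Extras log rather than the excerpt and the same three checks apply; the GloballyOpenPorts lists are parsed too, so adding a rule for ports open to `*` rather than `LocalSubNet` (the Domain profile above has 139/445/137/138 open to any scope) is a two-line change.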

#18 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start, and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found (shown in an image not reproduced here).
  • If so, click it and then click the next icon right below it and select Move incurable (shown in an image not reproduced here).
  • This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking the X in the upper right corner.

#19 EQ!!! (Topic Starter, Member, 14 posts)
Here is the Dr. Web CureIt log:

ComboFixCALEUOWT.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Administrator\Desktop\ComboFixCALEUOWT.exe;Probably BATCH.Virus;;
ComboFixCALEUOWT.exe;C:\Documents and Settings\Administrator\Desktop;Archive contains infected objects;Moved.;
ltibsn10.ocx;C:\lotus\compnent;Trojan.Fakealert.12583;Deleted.;
A0001281.exe\32788R22FWJFW\Create.cmd;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4\A0001281.exe;Probably BATCH.Virus;;
A0001281.exe;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4;Archive contains infected objects;Moved.;
A0001282.ocx;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4;Trojan.Fakealert.12583;Deleted.;


Which scan do you want me to run with OTL?
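Reading that report by hand is fine for six lines; the parser below is an added example (my code, not Dr.Web's and not anything from this thread) for when it is not. Dr.Web's .csv is one semicolon-separated record per line, object;directory;threat;action;, and members of an archive are written container\member with the action recorded on the container's own row. The script splits the records into live files and System Restore snapshots (anything under \System Volume Information\_restore) and resolves the action actually taken on archive members. On the posted records that gives one live signature hit, ltibsn10.ocx in C:\lotus\compnent (deleted); the two RP4 rows are restore-point copies of the same two objects; and the two 'Probably BATCH.Virus' verdicts are heuristic ('Probably' is Dr.Web's marker for that) on a batch file packaged inside the ComboFix executable on the desktop, so they need confirming before they are counted as an infection. SAMPLE_REPORT reproduces the six records posted above.

```python
"""Parse a Dr.Web CureIt report (the DrWeb.csv saved via 'Save report
list') and separate live detections from System Restore copies.

Added example for this thread; not Dr.Web's code and not code from the
thread. The report is one record per line, semicolon separated:
    object;directory;threat;action;
A member of an archive is written  container\member  and its directory
column is then the full path of the container, with the action usually
recorded on the container's own record. SAMPLE_REPORT reproduces the
six records posted above.
"""
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_REPORT = r"""
ComboFixCALEUOWT.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Administrator\Desktop\ComboFixCALEUOWT.exe;Probably BATCH.Virus;;
ComboFixCALEUOWT.exe;C:\Documents and Settings\Administrator\Desktop;Archive contains infected objects;Moved.;
ltibsn10.ocx;C:\lotus\compnent;Trojan.Fakealert.12583;Deleted.;
A0001281.exe\32788R22FWJFW\Create.cmd;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4\A0001281.exe;Probably BATCH.Virus;;
A0001281.exe;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4;Archive contains infected objects;Moved.;
A0001282.ocx;C:\System Volume Information\_restore{E31A0210-2621-47DA-8584-7559788C0581}\RP4;Trojan.Fakealert.12583;Deleted.;
"""

ARCHIVE_VERDICT = "Archive contains infected objects"


@dataclass
class Record:
    obj: str        # object name, or container\member for archive members
    directory: str  # directory of the object (full container path for members)
    threat: str     # Dr.Web verdict; 'Probably ...' marks a heuristic verdict
    action: str     # 'Deleted.', 'Moved.', or '' when taken on the container

    @property
    def in_archive(self) -> bool:
        return "\\" in self.obj

    @property
    def container(self) -> str:
        return self.obj.split("\\", 1)[0]

    @property
    def in_restore_point(self) -> bool:
        return "\\System Volume Information\\_restore" in self.directory

    @property
    def heuristic(self) -> bool:
        return self.threat.startswith("Probably ")


def parse_drweb_report(text: str) -> List[Record]:
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"malformed Dr.Web record: {line!r}")
        records.append(Record(*fields[:4]))
    return records


def effective_action(rec: Record, records: List[Record]) -> str:
    """Action taken on rec, falling back to its container's record for
    archive members (Dr.Web moves or deletes the whole archive)."""
    if rec.action:
        return rec.action
    if rec.in_archive:
        for other in records:
            if (other.obj == rec.container
                    and rec.directory == other.directory + "\\" + other.obj):
                return other.action or "(none)"
    return "(none)"


def split_live_and_restore(records: List[Record]) -> Tuple[List[Record], List[Record]]:
    """Drop container summary rows (the member row carries the verdict) and
    split what remains into live files and System Restore snapshots."""
    live: List[Record] = []
    restore: List[Record] = []
    for rec in records:
        if rec.threat == ARCHIVE_VERDICT:
            continue
        (restore if rec.in_restore_point else live).append(rec)
    return live, restore


if __name__ == "__main__":
    recs = parse_drweb_report(SAMPLE_REPORT)
    live, restore = split_live_and_restore(recs)
    for rec in live:
        tag = "heuristic" if rec.heuristic else "signature"
        print(f"LIVE    {tag:9} {rec.threat:28} {effective_action(rec, recs):9} {rec.directory}\\{rec.obj}")
    for rec in restore:
        print(f"RESTORE {rec.threat:38} {effective_action(rec, recs):9} {rec.obj}")
```

The restore-point rows matter for one reason only: once the live copies are dealt with, System Restore still holds infected snapshots, which is why helpers usually ask for a new restore point to be created and the old ones purged at the end of a cleanup.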

#20 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Do you still get those warnings on startup? If so, can you please upload a screenshot of it?

#21 EQ!!! (Topic Starter, Member, 14 posts)
Yes, still getting it.
I saved a printscreen to a Word doc on my desktop, but can't get it to upload ("Error No file was selected for upload"). It won't copy/paste either.

#22 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Could you try uploading it to a site? For example http://uploading.com/

#23 EQ!!! (Topic Starter, Member, 14 posts)
I uploaded it to Uploading.com. Here's the link (I'm not sure how this works...?)

http://uploading.com...Screen.docx,3.0 MB,,Nov 6, 2010

#24 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Does the warning always display the same file name, or is it changing?

#25 EQ!!! (Topic Starter, Member, 14 posts)
It's always an .EXE file extension and always found in the C:\Windows\Temp folder, but the file name changes every time.
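Since the name changes every boot but the folder does not, the next thing worth having is the file itself, or at least its hash, before AVG removes it: that tells you whether it is one binary being re-dropped under random names or something different each time, and gives you something to submit. The custom OTL scan of C:\Windows\Temp\*.* earlier in this thread listed only HP service logs, a Perflib data file and WGAErrLog.txt, so the file is evidently short-lived or already gone by the time a scan runs. The script below is an added example (mine, not from this thread or from any of the tools in it): it snapshots the executable-type files in a folder with size, mtime and SHA-256, and diffs two snapshots, grouping names that are byte-identical. It assumes a Python 3 interpreter is available on the machine; the file name tempwatch.py and the paths in the usage comment are assumptions. With no arguments it runs a self-contained demo on a throwaway folder of constructed files.

```python
r"""Snapshot a folder's executable-type files and diff two snapshots, so a
file that keeps reappearing under a new random name in C:\Windows\Temp
can be caught (name, size, SHA-256) before the antivirus removes it.

Added example for this thread; not from the thread or any tool in it.
Usage on the affected machine (file and folder names are assumptions):
    python tempwatch.py C:\Windows\Temp > baseline.json   # before the reboot
    python tempwatch.py C:\Windows\Temp baseline.json     # after the warning
With no arguments it runs demo(), which builds a throwaway folder with
constructed files and returns the diff.
"""
import hashlib
import json
import os
import shutil
import sys
import tempfile
from typing import Dict, List, Tuple

EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")
Entry = Tuple[str, int, float]  # (sha256, size, mtime)


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(folder: str) -> Dict[str, Entry]:
    """name -> (sha256, size, mtime) for executable-type files directly in folder."""
    out: Dict[str, Entry] = {}
    for name in os.listdir(folder):
        path = os.path.join(folder, name)
        if not name.lower().endswith(EXEC_SUFFIXES) or not os.path.isfile(path):
            continue
        try:
            st = os.stat(path)
            out[name] = (sha256_of(path), st.st_size, st.st_mtime)
        except OSError:
            continue  # vanished or locked between listing and reading; skip it
    return out


def diff_snapshots(before: Dict[str, Entry], after: Dict[str, Entry]) -> dict:
    """New and changed names, plus groups of names that are byte-identical
    (a 'random' dropper is often the same binary under a new name)."""
    new = sorted(n for n in after if n not in before)
    changed = sorted(n for n in after if n in before and after[n][0] != before[n][0])
    by_hash: Dict[str, List[str]] = {}
    for name, (digest, _, _) in after.items():
        by_hash.setdefault(digest, []).append(name)
    same = {d: sorted(names) for d, names in by_hash.items() if len(names) > 1}
    return {"new": new, "changed": changed, "same_binary": same}


def demo() -> dict:
    """Constructed scenario: a.exe is overwritten, two new names appear, one of
    which is byte-identical to the new a.exe; notes.txt is ignored."""
    work = tempfile.mkdtemp(prefix="tempwatch-")
    try:
        x = b"MZ" + b"\x00" * 64 + b"constructed-sample-X"
        y = b"MZ" + b"\x00" * 64 + b"constructed-sample-Y"
        for fname, data in (("a.exe", x), ("notes.txt", b"ignored, not executable")):
            with open(os.path.join(work, fname), "wb") as f:
                f.write(data)
        before = snapshot(work)
        for fname, data in (("a.exe", y), ("B7C2.exe", x), ("K91D.exe", y)):
            with open(os.path.join(work, fname), "wb") as f:
                f.write(data)
        return diff_snapshots(before, snapshot(work))
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print(json.dumps(demo(), indent=2))
    else:
        current = snapshot(sys.argv[1])
        if len(sys.argv) == 2:
            print(json.dumps(current))
        else:
            with open(sys.argv[2]) as f:
                baseline = {k: tuple(v) for k, v in json.load(f).items()}
            print(json.dumps(diff_snapshots(baseline, current), indent=2))
```

Take the baseline right before shutting down and the second snapshot as soon as the warning appears after the reboot, before AVG gets to act on the file; if the hash in the "new" entry matches across several boots, you are chasing one binary, and the hash is what to search for or submit.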

#26 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Go to http://www.avg.com/w.../download-tools and download AVG Remover to help you completely remove AVG.

Then go to http://free.avg.com/...asic-protection, download a new copy of AVG and reinstall it.

Let me know if you still get warnings.

#27 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#28 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Topic reopened per user request.

#29 EQ!!! (Topic Starter, Member, 14 posts)
I removed and re-installed AVG, but I'm still getting the same warning every time it boots.
Do you think it is a "fake" warning, since the scans never seem to find anything?

#30 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
I highly doubt you have anything on your system; it's clean.

I could recommend that you use the free version of Avira instead of AVG.





